E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


DEFUNCT WEB SITE LEAKS CREDIT CARD INFO

U.S. site that sold pornography closes, but directory reveals credit card, order details

Source: PC World

Posted on August 6, 2000

      Full details of hundreds of credit cards are out in the open. At the time of this writing, Monday July 31st, all customer orders of a U.S.-based electronic commerce site, with pornography as the best-selling item, were openly available online without any protection.

      The site lists information on more than 800 orders, all placed last year. More than 600 of these were paid by credit card. The numbers and expiration dates of the cards can be viewed by anyone. Order details also include the customers' names, mailing addresses, and the items ordered.

      The company, which according to Network Solutions' WHOIS database is based in Akron, Ohio, has a global clientele. Most buyers are from the United States and Canada; others come from Europe, South America, and Asia.

      One of the customers is an employee of Europol, a European law enforcement organization based in the Netherlands. The employee, who is not an investigator but a member of the Europol IT department, ordered a video CD entitled "Tiny Women And Massive Erections." He had it sent to his work address. The e-mail address he gave when placing the order ends with @europol.eu.int.

Large-Scale Breach of Privacy

      The e-commerce Web site is no longer operational, and instead of a virtual shop, visitors are met by a directory listing. Clicking through the various directories gives access to different parts of the store. Besides pornography, the Web shop also sold jewelry and security items like pepper spray. Every directory has a subdirectory named "orders," in which information about individual orders is stored.

      It is possible that many of the credit cards are still valid. Of the 600 cards, about 60 have not yet expired, including the card used by the Europol employee. With the expired cards it is fairly easy to guess the new expiration date. Many credit card companies send their customers new cards with the same number and add two years to the expiration date.

      This large-scale breach of privacy is also politically sensitive. Some of the orders were sent to Pakistan, Saudi Arabia, Dubai, and Singapore. People who possess pornography in these Islamic countries can face harsh penalties, which could explain why one customer requested his purchase of two X-rated DVD discs to be stripped of any marks identifying the discs as porn. "They should look like raw DVDs or CDs," the purchaser entered as a "special instruction."

      Credit card companies have been informed, as has the registered operator of the online shop, according to the Dutch Security Information Network, which first alerted Dutch IDG publication WebWereld to the security problem. A spokeswoman for MasterCard in the Netherlands says specialists are investigating the case.





E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

