
Staples.com -> Security Flaw -- What should I do

statik213

Golden Member
OK, I just uncovered a dangerous flaw in the staples website that could compromise your 'net identity.' I'm not gonna advertise what it is here 'cos ppl. can use it against us. Or should I?

All I can say is, make sure you logout from your staples.com whenever you are done using it and this should take care of this issue. But do logout when you're done.

God, I can't believe these people @ staples.com are so stupid!


edit: I've emailed them about it, hope they do something.
 
OK, just so that there's not wide-spread panic :shocked:. You should be OK if no one else has access to your computer or any computer you've logged into staples.com with.....
 
Originally posted by: statik213
OK, I just uncovered a dangerous flaw in the staples website that could compromise your 'net identity.' I'm not gonna advertise what it is here 'cos ppl. can use it against us. Or should I?

All I can say is, make sure you logout from your staples.com whenever you are done using it and this should take care of this issue. But do logout when you're done.

God, I can't believe these people @ staples.com are so stupid!


edit: I've emailed them about it, hope they do something.

If someone doesn't log off their PC and it gets compromised, would you call Microsoft "stupid"? :roll:
 
Originally posted by: AnyMal
Originally posted by: statik213
OK, I just uncovered a dangerous flaw in the staples website that could compromise your 'net identity.' I'm not gonna advertise what it is here 'cos ppl. can use it against us. Or should I?

All I can say is, make sure you logout from your staples.com whenever you are done using it and this should take care of this issue. But do logout when you're done.

God, I can't believe these people @ staples.com are so stupid!


edit: I've emailed them about it, hope they do something.

If someone doesn't log off their PC and it gets compromised, would you call Microsoft "stupid"? :roll:

that's not the case.... they make your password available in clear plain text for anyone to read off.... is that good?

 
Originally posted by: statik213
Originally posted by: AnyMal
Originally posted by: statik213
OK, I just uncovered a dangerous flaw in the staples website that could compromise your 'net identity.' I'm not gonna advertise what it is here 'cos ppl. can use it against us. Or should I?

All I can say is, make sure you logout from your staples.com whenever you are done using it and this should take care of this issue. But do logout when you're done.

God, I can't believe these people @ staples.com are so stupid!


edit: I've emailed them about it, hope they do something.

If someone doesn't log off their PC and it gets compromised, would you call Microsoft "stupid"? :roll:

that's not the case.... they make your password available in clear plain text for anyone to read off.... is that good?


Question Mark
 
Question Mark => flaw

OK, got a BS reply:
xxx,

Thank you for contacting us on this website issue.

Currently, I am not showing this information in the HTML code. I do apologize if this is the case
with your information. Please change your password and check to see if it still gives this same
information after this is changed.

We thank you for your feedback. We will take this into consideration when developing future
versions of our site. In the meantime we would be glad to take your order over the phone. Our
customer service representatives can be reached at the following number:

1-800-3STAPLE (from the United States)

They would be happy to take your order over the phone and answer any questions.

We apologize for any inconvenience this may have caused you. Please do not hesitate to contact us
if you require further assistance.

Thank you for your inquiry,

Matt
Staples.com Website Support Representative

e-mail: website@orders.staples.com
phone : 1-800-3STAPLE (1-800-378-2753)
fax : 1-800-333-3199
online: http://www.staples.com/help/default.asp?zone=ntact

do I just ignore this and hope I don't get screwed by this? I've changed my password on staples to something I don't use elsewhere....
ahhrghh... this is not my problem anyway....
 
Originally posted by: statik213
Question Mark => flaw

OK, got a BS reply:
xxx,

Thank you for contacting us on this website issue.

Currently, I am not showing this information in the HTML code. I do apologize if this is the case
with your information. Please change your password and check to see if it still gives this same
information after this is changed.

We thank you for your feedback. We will take this into consideration when developing future
versions of our site. In the meantime we would be glad to take your order over the phone. Our
customer service representatives can be reached at the following number:

1-800-3STAPLE (from the United States)

They would be happy to take your order over the phone and answer any questions.

We apologize for any inconvenience this may have caused you. Please do not hesitate to contact us
if you require further assistance.

Thank you for your inquiry,

Matt
Staples.com Website Support Representative

e-mail: website@orders.staples.com
phone : 1-800-3STAPLE (1-800-378-2753)
fax : 1-800-333-3199
online: http://www.staples.com/help/default.asp?zone=ntact

do I just ignore this and hope I don't get screwed by this? I've changed my password on staples to something I don't use elsewhere....
ahhrghh... this is not my problem anyway....


I think you need to take a dump!!!
 
I pity the fools who don't logout and clear cache after they're done shopping online and end a web surfing session. I PITY THE FOOL.
 
Thanks OP for the heads up.
It's good for everyone to keep security in mind.
It's too bad Staples didn't take you seriously enough to investigate further. I think you should try to contact someone at Staples who has more authority. The technical people always assume the customer is wrong. Sometimes they have to be hit in the head before they will acknowledge that a problem exists.
 
Who can I contact?
If anyone is serious about this I can PM a description of the problem (non newbie accounts only)
 
OMG, I just ordered 10 of these hot deals! Thanks OP! :roll:

If you're worried about the private info, just click Logout on staples.com.
 
UN-BE-LIEVABLE. It's pretty obvious what the issue is from the fact that you have to use the same computer, that automatically logs in, and then look at the response e-mail from Staples. I confirm that my password is viewable in plain text as well.

I love how it says "// For security purpose, user can't use back button to browse the previous page.", and yet they make your password plainly visible. Clearly "eknizek" could have done a better job with that page.
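
A regression check a site owner could run against this kind of flaw, as an added example that is not part of the original thread: log in with a test account whose password is a known canary string, then scan every returned page for it. The markup, field names, variable names and canary value below are constructed; the thread does not show where in the page source the password appeared.

```python
from html.parser import HTMLParser

# Constructed sample of a logged-in account page (hypothetical markup and names).
SAMPLE_PAGE = """<html><body>
<script>var userPwd = "Canary-7f3a!";</script>
<form action="/account" method="post">
  <input type="text" name="email" value="test@example.com">
  <input type="password" name="password" value="Canary-7f3a!">
  <input type="hidden" name="pwd_confirm" value="Canary-7f3a!">
</form></body></html>"""

class CredentialLeakScanner(HTMLParser):
    """Records every place a known canary password is echoed back in a page."""
    def __init__(self, canary):
        super().__init__()
        self.canary = canary
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
        elif tag == "input":
            value = attrs.get("value") or ""
            # A password field should never be sent to the browser pre-filled.
            if (attrs.get("type") or "").lower() == "password" and value:
                self.findings.append(("prefilled-password-input", attrs.get("name")))
            elif self.canary in value:
                self.findings.append(("canary-in-input-value", attrs.get("name")))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self.canary in data:
            where = "canary-in-script" if self._in_script else "canary-in-text"
            self.findings.append((where, None))

def scan(html, canary):
    """Return a list of (finding, field_name) tuples; empty means no leak seen."""
    scanner = CredentialLeakScanner(canary)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_PAGE, "Canary-7f3a!"):
        print(finding)
```

Any finding means the server can still reproduce the password, which it could not do if only a salted hash were stored.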
 
Good, someone else also sees this.... isn't this the sloppiest programming ever?
I mean someone really needs to get fired over this.... haven't they heard of hashing? god.. I've seen this happen on other less known sites but staples.com?


btw who's eknizek?
 
One way to get around this is to change your IP address to: 127.0.0.1. This is the "safety IP" that will keep this sort of thing from happening.
 
Originally posted by: dbleoslow
One way to get around this is to change your IP address to: 127.0.0.1. This is the "safety IP" that will keep this sort of thing from happening.
What? That will just block your Internet access (until someone changes your IP back). It's easier and more effective to just log out of the Staples site, which you absolutely should do if someone potentially untrustworthy will be using your computer.
 
Try typing in "poop" in the search engine, see what comes up, then tell me how smart the web devs are at Staples. All for laughs, try "poorly manufactured parts". I had a lot of time to play around while working there. Their website needs a HUGE overhaul.





From the search:
We have 2256 product(s) on our site containing poorly manufactured parts.
The following results matched your search:

Electronic Label Maker Tapes Visit this category for an exact match
 
Originally posted by: statik213
Good, someone else also sees this.... isn't this the sloppiest programming ever?
I mean someone really needs to get fired over this.... haven't they heard of hashing? god.. I've seen this happen on other less known sites but staples.com?


btw who's eknizek?
From the comments at the top I think that is the name of the programmer.
 