Would this be considered a web security "breach"?

[Bumrush99]

So, I placed and account yesterday on letstalk.com for a new cellphone and service. Get a call from their credit department verifying some info because they have strict policies in place regarding fraud and identity theft.

Anyways, I log in today to check status on the order and when I click the order link, I get over 100 other order numbers that are not related to mine with status.. The info is not accessible, but it is still worrisome.

Do you guys think this is a security issue or a simple problem with their database? I would hate to think their website has that many security issues especially after entering my social security number and CC..

Link

 

[ViRGE]

Ya, that's a pretty big security breach. I'd get a hold of the company to report it, then get a hold of News.com to get a story out of it.

 

[Bumrush99]

I called the company and tried to speak to a supervisor or the web security team and nobody was of assistance. They actually referred me to the privacy and security link on the website!

 

[FoBoT]

why are you using a 3rd party like letstalk.com and not dealing directly with the cell phone provider?

anyway, many many companies put security so far down on priorities as for it to not exist as a concern. this shouldn't surprise you at all

 

[Bumrush99]

Originally posted by: FoBoT
why are you using a 3rd party like letstalk.com and not dealing directly with the cell phone provider?

Much better deal on the phone I wanted to get.

 

[acemcmac]

um. I'd cancel the order, get a fraud alert on my CC and change my CC number, stat!

 

[quakefiend420]

Originally posted by: acemcmac
um. I'd cancel the order, get a fraud alert on my CC and change my CC number, stat!

:thumbsup:

 

[ViRGE]

Originally posted by: Bumrush99
I called the company and tried to speak to a supervisor or the web security team and nobody was of assistance. They actually referred me to the privacy and security link on the website!

Well then take some more screenshots, go in to one of the orders and see if you can see someone else's personal info(to make sure they're actually exposing personal information), then give all the dirt to News.com. It's a bit of a dirty tactic, but I'm sure they'll clean their site up if they're busted for it. You'll also want to follow acemcmac's CC advice.

 

[MrChad]

Nice choice in retailers you have there

 

[Bumrush99]

DOH!! I'm normally very in tune with these types of things, but it looks like I royally messed up with this company. I'm a dumb ass for trusting google links without doing more research