Net security hole leaves credit card numbers exposed

By Sally Watson, 25 September 1998 00:25

Thousands of Internet users have been exposed to risk after their personal details were left accessible to the public on the Web. Badly managed auction software left credit card details, email addresses, phone numbers and even passwords open to abuse.

According to Mark Dodd of online information centre AuctionWatch, "this is just the tip of the iceberg". Dodd discovered the problem by accident while searching on his company's domain name. He told Silicon.com he viewed "over 6000 user records spanning 10 sites", but was unwilling to name any "until they plug the security holes - which some have not yet done".

In five of the sites, a slight HTML modification was needed to view the details, but in the others, personal customer information was open for anyone to see. "The disturbing thing to remember is that it doesn't take a hacker to see all this - because God knows I'm not a hacker!" Dodd said.

All the sites run on software called AuctionWatch, made by US-based software firm OpenSite. Dodd was quick to explain that it was not the manufacturer's fault, but was probably caused when the software was installed or managed incorrectly. OpenSite said the auction software was sold with instructions and that more recent versions have additional protection provided by default.

Jeffrey Mann, analyst at The Meta Group, said he had been expecting to hear of a situation like this for some time. "It's extremely dangerous to hold credit card details on the Web," he said. "It won't be until someone is held liable for hundreds of thousands of pounds that these problems will be taken seriously."

Dodd told Silicon.com that when he approached the companies to tell them what he had found, some were shocked and said they had no idea the holes existed, while others "absolutely denied they had problems".
