Gaping hole in Google service exposes thousands to ID theft A security flaw accessible via Google's UK motor insurance aggregator Google Compare has potentially exposed vast numbers of drivers to identity theft. The vulnerability, the existence of which has been verified by The Register, made it possible for comprehensive personal details - including names, addresses, phone numbers and …
£4k isn't a lot.
I've been quoted nearly £2.5k in the past (obviously didn't touch it with a bargepole) to insure a £300 Mondeo with 3 years NCB third-party only, for a 30-something with kid, clean license, 20k miles.
Remember, it's a quote. That means they tell you what they want you to pay and then you decide whether to pay or not. In this case, not, but I'm sure there are people out there being quoted at least £4k quite regularly and even some people PAYING that.
God knows what it costs to insure one of those Porsche 4x4 monstrosities for a mother with a few fender-benders to her name, but I bet it's more than £4k.
Jeremy Clarkson was apparently quoted over £20,000 to insure a Ford Escort (a fast one), and that was over 20 years ago. Expensive car insurance isn't only a modern phenomenon!
(And I think that was before he was famous, so I don't think they pushed the quote up because it was him...)
That's why Ford phased out the Cosworth.
It was well known that for many, the annual insurance premium exceeded the cost of the car.
A collegue told me of a wealthy friend with more money than sense, who bought one as a 21st birthday present for his son. Purchase price was twenty-something grand, cost of insuring it for said son was twenty-something-rather-larger grand. It sat on the drive while this conundrum was pondered.
During said pondering and while it was sat, uninsured, on said drive it was stolen, thus neatly illustrating one of the reasons why the insurance on them was so pricey.
Location has a lot to do with it. My insurance on a1.4l Peugeot 206 is over £400, even with seven years no claims, presumably because I'm parking it on the street in the middle of Bristol.
To be fair, it has been broken into several times (I never claimed, they only nicked the stereo), so perhaps they have their reasons.
One thing missing. I understand the number of people whose details might have been stolen is very high. Google should now go through the logs to discover actual people whose details have been stolen. Yes it will likely cost significant time and resources but it is exactly what ICO needs to know , as well as people affected.
Google does not seem to care about responsibility coming with collection of personal data - it is ICO role to teach them. If they do not store the logs to fulfill its resposibillity in data protection, the service simply should not have been offered.
Of he didn't, but then that what the headline was design to do. If it was a honest headline, it would have been more Gaping hole found in SSP software use by Google Compare, Go compare and many others ;
But then that not an attention grabbing, Google hating crowd pleaser is it, to be fair a even better more accurate description be "Gaping hole found in SSP software us by price comparison websites" but that even less attention grabbing than the first one I wrote.
Probing new depths here. Not just incapability of using the past tense.
* THAT'S
* DESIGNED
* AN honest headline
* USED BY
* AN even better...
"wrote" is a bit of a strong word to describe what you have done there.
How do you possibly manage the advanced techniques involved in switching on a computer?
I suspect Go Compare offered the anonymous source who discover the hack enough money to keep it quiet and keep it hidden from Google, why Go compare they get a chance to fix their systems before the hacker or someone else go public with story via the Register. That way Google compare and Google as a whole comes away with its reputation damage, Go Compare comes away smelling of roses.
Perhaps Register could confirm whether this anonymous source has any prior dealings with Go Compare and or other price comparison sites and SSP and confirm whether or not he sold the flaw to them and for how much. If this information is not forth coming then do some investigating and find out why it is not forth coming.
This post has been deleted by its author
Seems to me if you're running a system you have some responsibility to audit what happens to the data entered into it, including after it's left your system. If Go Compare wasn't vulnerable to this flaw, then just maybe it was because Go Compare's techies were doing their job, right?
You sir are a complete and utter retard. I must insist that you throw away your keyboard so it does not have to suffer any longer. It is not fair to subject it to this kind of abuse, it wouldn't be so bad if you could actually write a single coherent English sentence.
I suspect that you are not actually severely mentally disabled but in fact just deliberately and wantonly ignorant which is in fact worse.
Don't we know the party line already? It's always a "contractor", "rogue engineer", "consultant in India"...
Google is nothing but fucking perfect and makes no shit whatsoever. Actually, it does make shit but it's delicious, low in fat and you only need to watch Grannydating ads to have it.
This post has been deleted by its author
My employer offered a local discount card through their online store system, and I bought one. The final stage said "you have now been logged out; to view your receipt, go to http://store.example.ac.uk/receipt?id=123". Wait ... if I was logged out, how could that URL authenticate me?
Sure enough, changing the 123 yielded the details of other customers: what they bought, how they paid, delivery address etc. Whoops. I contacted the internal person in charge, who said "oops ... that's hosted by an outside contractor, we will go and shout at them now". To be fair, they did get it fixed when I pointed it out, but it's alarming a fault that obvious existed in the first place!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
