Defrosted starter for 10: Iceland home delivery site spills customer details

Iceland’s home delivery service exposed sensitive customer information for months until the problem was plugged this week, a UK security researcher discovered. Paul Moore went public with his findings after failing to get the retailer to act even 12 months after first reporting the issue. Public disclosure finally prompted …

More company fluff and useless ICO.

They probably can't know everything that was accessed using legitimate credentials by illegitimate users, so saying only a limited amount of data was affected might well be true, but that limit might be 100% of the data available by the method used.

What is the point of the ICO if they won't act, not much point having a regulator if they won't regulate.

I wonder if the GDPR will help with this kind of issue?

13
0
Anonymous Coward

I hope he's in a country with no UK extradition treaty ...

as SOP in the UK is to prosecute the messenger ...

8
0
Silver badge
Flame

What the fucking fuck is wrong with these people?

7
0
Anonymous Coward

not quite the same..

But the internal doors to the secure areas of Argos / Homebase was just the store number too. Guess it's a common thing.

3
0
Silver badge

Re: not quite the same..

They fixed it by changing it to 1234.

9
0
Silver badge
Coat

Re: not quite the same..

I do wish you people would stop posting my router password on the open Internet.

16
0
Bronze badge

Re: not quite the same..

But the internal doors to the secure areas of Argos / Homebase was just the store number too. Guess it's a common thing.

Almost as bad... I once visited a supposedly secure storage place and whilst waiting for the door to open I noticed that the door keypad hadn't been cleaned in a while. When it opened, the woman I was there to see invited me in. She was rather shocked when whilst discussing security I asked if the electronic door code was 2479 or a variation of those digits. She couldn't work out how I'd come up with that as no staff member had entered whilst I was waiting. She couldn't let it go, asking me continually how I'd worked it out. I said it wasn't hard if you had a "dirty mind" like mine which only seemed to confuse her further. I eventually said they needed to clean the keypad as the only numbers that were showing any use (i.e. were clean) were the digits 2479. The next call was to the facilities manager to get it cleaned and serviced and the code changed.

7
0
Bronze badge

Re: not quite the same..

I did the same thing with my friend's burglar alarm, only I had to change the keypad as he wanted to retain the code.

0
0
Silver badge
Trollface

I heard it was Kerry Katona's idea.

1
0
Silver badge

I bet it was lonely.

2
0
Silver badge
Mushroom

The privacy of our customers is of great importance to us

Paul Moore went public with his findings after failing to get the retailer to act even 12 months after first reporting the issue.

The privacy of our customers is of great importance to us and we will continue to do our utmost to ensure that this is properly protected.

Somehow those two statements don't really match up!

One way to stop their website leaking data again ->

11
0
Anonymous Coward

I have no idea why people think that using the store number is a suitable password (and login). I advise that if you wouldn't do it for your banking or anything else, don't do it for anything containing customer information. I've worked somewhere that had login information that was partly the store number. The store number was not made public and you couldn't access the system without being on the internal network (or for some limited number of staff via VPN). Also the password had far more stringent requirements than it appears Iceland had.

4
0
Anonymous Coward

My mum is going to be pissed.

1
0
Anonymous Coward

Is she at the gin again?

9
0
Anonymous Coward

Eff off, she's on Lambrini, she shops at Iceland not effing Waitrose.

6
0
Anonymous Coward

No need to go to Waitrose

Lidl gin wins awards, might be cheaper than Lambrini ;)

2
0
Anonymous Coward

When people say spill and Iceland it makes me think of Joe Hart's poor goalkeeping.

1
1
Anonymous Coward

I think you'll find it was a protest by the rich England players over what the country voted for because it would effect their moneys.

Timing is everything.

0
1
Silver badge
Headmaster

"because it would effect their moneys."

Really?

1
0
Bronze badge

I would say this is shocking but I'm now quite desensitised to the stupidity of some companies.

6
0
Anonymous Coward

'failing to get the retailer to act even 12 months'

A wider issue here is how often contact-emails listed on corporate or brand websites are just zombie info, with emails that will go unanswered forever. When you query this by phoning them up, you often get abruptly yet proudly & smugly told: 'oh we only monitor Twitter and Facebook channels now'.

Great, slurp city! So I just quietly go away as a customer in 'silent-failure'. However, if I was a CEO looking out for my bonus, I'd be terrified of this. What??? Researchers unable to get through to WARN anyone that a gaping hole exists in our security... But hey no worries, until a Bot finds it! Wake the f*ck up CEOs, #Hackers# and #GDPR# are all coming for your bonuses!!!

~~~~~~~~~~~~~~

Catching the hackers in the act

http://www.bbc.co.uk/news/technology-40850174

6
0


Biting the hand that feeds IT © 1998–2017