[Dshield] Digitalriver and security
security at admin.fulgan.com
Thu Jan 26 09:12:24 GMT 2006
I'd like to report here something that happened to me not 10 minutes
ago. I can still hardly believe it.
I wanted to check the price for Trend Microsystems AV. So I did the
usual: went to their web site, located the "online shop" link and used
it. I was brought to a Digital River web page... in German. Now, the
reason it's in German is simply that they stupidly use geo-location
to select my language (thank you for ignoring my browser's preference,
by the way). Anyway. Since I wanted to complain about that, I went to
their contact page and filled in the web form.
And that's where security comes into the story: 5 minutes after
filling in the complaint, I received an automated email. And that email,
sent in clear text without my having requested it, contained:
My customer number, my password for their e-commerce web site, a list
of all purchases I made and the serial numbers of all the products I
ordered. Everything in a clear text message.