Some of you might find this of interest, it's about a major security ***k-up on B&Q's on-line ordering system.
Posted 20 years ago
It's been a few days since my colleague and I first reported this problem to B&Q and to Silicon.com and others. B&Q were pretty quick to plug the hole, but from what I can see so far, they have not bothered to make a statement on the website or email their customers (my colleague is eagerly awaiting the anticipated email from B&Q to tell him not to worry and that his account is OK).
This morning I emailed Matt Louth (B&Q's Systems Manager) to ask him what they were doing about the problem. No reply so far. The question is, who else spotted the security problem before we did? A simple bit of code and some downloadable firstname/surname lists from the Internet would be all I needed to exploit this flaw to its full potential. What if somebody has already done this?
As a parting shot - I just checked some of the accounts we discovered on Friday afternoon and reported to Silicon.com, and the passwords have not been changed.
I bet Dixons use the same system. I got flooded with spam on the 'dixons address' I used to order from them.
It's a good thing Kingfisher hasn't got a group-wide IT system in place, otherwise we would all be screwed. Hmmm - Screwed/Fixed? An intriguing dichotomy.
I just got a message back from Mike Louth advising that they intend to come clean by email later today. Better late than never.
MK