Someone else can do it when you B&Q it!

Some of you might find this of interest; it's about a major security ***k-up on B&Q's on-line ordering system.

Martin

It's been a few days since my colleague and I first reported this problem to B&Q and to Silicon.com and others. B&Q were pretty quick to plug the hole, but from what I can see so far, they have not bothered to make a statement on the website or email their customers (my colleague is eagerly awaiting the anticipated email from B&Q to tell him not to worry and that his account is OK).

This morning I emailed Matt Louth (B&Q's Systems Manager) to ask him what they were doing about the problem. No reply so far. The question is, who else spotted the security problem before we did? A simple bit of code and some downloadable firstname/surname lists from the Internet would be all I needed to exploit this flaw to its full potential. What if somebody has already done this?

As a parting shot - I just checked some of the accounts we discovered on Friday afternoon and reported to Silicon.com, and the passwords have not been changed.

Mike

I bet Dixons use the same system. I got flooded with spam on the 'dixons address' I used to order from them.

The Natural Philosopher

It's a good thing Kingfisher hasn't got a group-wide IT system in place, otherwise we would all be screwed. Hmmm - Screwed/Fixed? An intriguing dichotomy.

Toby

I just got a message back from Mike Louth advising that they intend to come clean by email later today. Better late than never.

MK

Mike
