back to article Defrosted starter for 10: Iceland home delivery site spills customer details

Iceland’s home delivery service exposed sensitive customer information for months until the problem was plugged this week, a UK security researcher discovered. Paul Moore went public with his findings after failing to get the retailer to act even 12 months after first reporting the issue. Public disclosure finally prompted …

  1. Keef

    More company fluff and useless ICO.

    They probably can't know everything that was accessed using legitimate credentials by illegitimate users, so saying only limited amount of data was affected might well be true, but that limit might be 100% of the data available by the method used.

    What is the point of the ICO if they won't act, not much point having a regulator if they won't regulate.

    I wonder if the GDPR will help with this kind of issue?

  2. Anonymous Coward
    Anonymous Coward

    I hope he's in a country with no UK extradition treaty ...

    as SOP in the UK is to prosecute the messenger ...

  3. Aladdin Sane
    Flame

    What the fucking fuck is wrong with these people?

  4. Anonymous Coward
    Anonymous Coward

    not quite the same..

    But the internal doors to the secure areas of Argos / Homebase was just the store number too. Guess it's a common thing.

    1. Anonymous Coward
      Anonymous Coward

      Re: not quite the same..

      They fixed it by changing it to 1234.

      1. Dan 55 Silver badge
        Coat

        Re: not quite the same..

        I do wish you people would stop posting my router password on the open Internet.

    2. JimboSmith Silver badge

      Re: not quite the same..

      But the internal doors to the secure areas of Argos / Homebase was just the store number too. Guess it's a common thing.

      Almost as bad....I once visited a supposedly secure storage place and whilst waiting for the door to open I noticed that the door keypad hadn't been cleaned in a while. When it opened, the woman I was there to see invited me in. She was rather shocked when whilst discussing security I asked if the electronic door code was 2479 or a variation of those digits. She couldn't work out how I'd come up with that as no staff member had entered whilst I was waiting. She couldn't let it go asking me continually how I'd worked it out. I said it wasn't hard if you had a "dirty mind" like mine which only seemed to confuse her further. I eventually said they needed to clean the keypad as the only numbers that were showing any use (i.e. were clean) was the digits 2479. The next call was to the facilities manager to get it cleaned and serviced and the code changed.

      1. Captain Badmouth

        Re: not quite the same..

        I did the same thing with my friend's burglar alarm, anly I had to change the keypad as he wanted to retain the code.

  5. wolfetone Silver badge
    Trollface

    I heard it was Kerry Katona's idea.

    1. Aladdin Sane

      I bet it was lonely.

  6. Korev Silver badge
    Mushroom

    The privacy of our customers is of great importance to us

    Paul Moore went public with his findings after failing to get the retailer to act even 12 months after first reporting the issue.

    The privacy of our customers is of great importance to us and we will continue to do our utmost to ensure that this is properly protected.

    Somehow those two statements don't really match up!

    One way to stop their website leaking data again ->

  7. Anonymous Coward
    Anonymous Coward

    I have no idea why people think that using the store number is a suitable password (and login). I advise that if you wouldn't do it for your banking or anything else, don't do it for anything containing customer information. I've worked somewhere that had login information that was partly the store number. The store number was not made public and you couldn't access the system without being on the internal network (or for some limited number of staff via VPN). Also the password had far more stringent requirements than it appears Iceland had.

  8. Anonymous Coward
    Anonymous Coward

    My mum is going to be pissed.

    1. Anonymous Coward
      Anonymous Coward

      Is she at the gin again ?

      1. Anonymous Coward
        Anonymous Coward

        Eff off shes on lambrini, she shops at iceland not effing waitrose.

        1. Anonymous Coward
          Anonymous Coward

          No need to go to Waitrose

          Lidl gin wins awards, might be cheaper than Lambrini ;)

  9. Anonymous Coward
    Anonymous Coward

    When people say spill and Iceland it makes me think of Joe Hart's poor goalkeeping.

    1. Anonymous Coward
      Anonymous Coward

      I think you'll find it was a protest by the rich england players over what the country voted for because it would effect their moneys.

      Timing is everything.

      1. John Brown (no body) Silver badge
        Headmaster

        "because it would effect their moneys."

        Really?

  10. JimboSmith Silver badge

    I would say this is shocking but I'm now quite desensitised to the stupidity of some companies.

  11. Anonymous Coward
    Anonymous Coward

    'failing to get the retailer to act even 12 months'

    A wider issue here is how often contact-emails listed on corporate or brand websites is just zombie info, with emails that will go unanswered forever. When you query this by phoning them up, you often get abruptly yet proudly & smugly told: 'oh we only monitor Twitter and Facebook channels now'.

    Great, slurp city! So I just quietly go away as a customer in 'silent-failure'. However, if I was a CEO looking out for my bonus, I'd be terrified of this. What??? Researchers unable to get through to WARN anyone that a gaping hole exists in our security... But hey no worries, until a Bot finds it! Wake the f*ck up CEO's, #Hackers# and #GDPR# are all coming for your bonuses!!!

    ~~~~~~~~~~~~~~

    Catching the hackers in the act

    http://www.bbc.co.uk/news/technology-40850174

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021