In what one expert called a "violation of one of the basic principles of privacy," Yahoo until this afternoon revealed the addresses and order information of customers of one of its e-commerce partners.
Yahoo Store producer Paul Graham said the breach was a software bug that Yahoo fixed as soon as it was notified by CNET News.com. Graham said that all software contains bugs and "it would be na?ve to promise that there'll be no bugs in the future."
"All I can really say is we do care a great deal about privacy," Graham said.
The incident comes as Rep. Edward Markey (D-Massachusetts) prepares to introduce a bill to regulate the use of personal data on the Internet, and as privacy advocates meet in Washington at the Computers, Freedom and Privacy conference.
The information was exposed on a demo site targeted at potential tenants of Yahoo Store. The demo site included customer data from Vitanet, a nutritional-supplement vendor. Included in the exposed order data were partial credit card numbers, products ordered, amounts spent, and a link to a map. The map link went to Yahoo Maps and gave customers' street addresses and a map of their surrounding area. The products ordered and amount spent are still on the site, but can no longer be linked to customers' addresses.
The demo site was easily accessible by going to the Store area from the More Yahoo page. The Store page offers visitors a test drive, which takes users to the "tracking tools" of the demo site. Through the tracking tools, visitors could access individual customer orders.
Although the order data did not include customer names or phone numbers, that information can be easily obtained though reverse lookup directories such as Infospace or Excite People Finder.
Graham said that although the link to customers' addresses had been up for "several weeks," no one at the company was aware of the glitch. Graham added that no one complained to the company about it.
"If someone had had a problem, they would have complained about it to us and we would have jumped right on it," Graham said.
Sandy Davidson, communications law professor at the University of Missouri's journalism school, said the taking of order information and using it for the demo site violated the principle that "information turned over for one use shouldn't be used for another purpose without consent."
Davidson said it is "disturbing" that the demo site provided customer addresses and involved nutritional product orders.
"Nutritional information is getting darn close to medical information, and medical information is the hallmark of privacy," Davidson said.
Vitanet owner Mark Kowalski said Vitanet has been a Yahoo Store tenant since August 1996 and has allowed its order information to be used for the demo site for at least a year. However, he said he was unaware that the demo site provided links to customer addresses and included partial credit card numbers.
"I had no knowledge that that was happening," Kowalski said. "It was probably an oversight, because I wouldn't want it up there."
Kowalski said he has some 20,000 customers. According to the order information, Vitanet has received about 14,700 orders for its products since September 1996. Although Vitanet's store site includes no privacy statement, Kowalski said he doesn't give out personal information.
"That is my policy, even though we don't have a statement on there," Kowalski said.
Jeff Scott of Charlotte was among those whose addresses and orders were exposed by Yahoo. An order he placed on Tuesday
provided links to both his work address and his home address, and gave the type of credit card he used and the partial credit card number.
Scott said he often orders merchandise online and he was upset that his order information was made public.
"I generally expect it to be held private within the company itself," Scott said.
Yahoo security has been breached and they won't fix it.
Yes, I have contacted Yahoo security department, now for the 5th day I cannot access my personal, mail plus account. I sent them all requested information and have gotten autoresponse, and finally one email requesting more information from Yahoo. This account has access to my photos, employment files. I have notified them daily and still nothing. I checked the Yahoo message board and two other people say the Yahoo has been breached. How can I publicize this and also make Yahoo return my paid account to me. I cannot change my password, which was hacked, because they say my information does not match the set up information, and now they have that information and I am still locked out of my account. Please someone help me. Is there a phone number where I can reach Yahoo? Thanks Isabella Hale
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
Company requests ban on sales in the U.S. of the Samsung-made showcase for Google's heavily touted Ice Cream Sandwich version of the Android operating system, saying it violates four Apple patents.
A study by Harlequin--yes, the romantic-book people--says more women are sending naughty texts (shocking) and that 27 percent have sent a nude picture via e-mail or text.
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
iPhones and Angry Birds aside, the arcade endures. Crave pays a visit--and offers up an homage to games and gamers of years past and a tribute to the possibly endangered, but not yet dead, atmosphere of the arcade itself.
Yahoo. This account has access to my photos, employment files. I have notified them daily and still nothing. I checked the Yahoo message board and two other people say the Yahoo has been breached. How can I publicize this and also make Yahoo return my paid account to me. I cannot change my password, which was hacked, because they say my information does not match the set up information, and now they have that information and I am still locked out of my account. Please someone help me. Is there a phone number where I can reach Yahoo?
Thanks
Isabella Hale