April 4, 2000 5:45 PM PDT
De Beers security hole reveals customer information
- Related Stories
Microsoft security hole bugs Web-based emailMarch 9, 2000
Corel hurries to fix Linux security holeJanuary 26, 2000
IE 5 bug could let Web hackers see filesNovember 23, 1999
Butterball's data security for the birdsMay 4, 1999
Nissan privacy goof exposes email addressesApril 15, 1999
About 35,000 customer email and home addresses were exposed on Adiamondisforever.com, an informational site about diamonds sponsored by De Beers, CNET News.com has learned.
Chad Yoshikawa, a Bay area consultant, stumbled across the security hole today while searching for his home address through a search engine. The results turned up more than he bargained for.
Jim Greene, system administrator for hosting company Luminant, replied in the email to Yoshikawa: "We have investigated and fixed the problem with the site. This area is not active on the site any longer."
The security breach resembles "data spills" from several Web sites. Last year, Butterball published the names and addresses of people who signed up to receive recipes via an online newsletter. Nissan Motor also exposed a list of more than 24,000 email addresses belonging to potential buyers last year.
"This kind of occurrence is all too frequent. (But) the De Beers (breach) seems especially troublesome because it suggests access to high-net individuals," said Jason Catlett, president of Junkbusters, an online advocacy group.
"Who knows how many people have noticed or downloaded the list before it came to the attention of the media." he added.
Luminant's Greene said Yoshikawa and CNET News.com were the only ones to spot the file.
"We have looked into the server logs and see no indications that anyone besides yourself and someone coming from CNET accessed the files," he wrote.
Adiamondisforever.com, which launched in November 1996, is part of The Diamond Information Center, a marketing service for De Beers, one of the largest diamond producers and marketers in the world.