On Top Of Spying On Its Users, Sears Reveals Your Shopping Data To Anyone Who Wants It

from the well,-that's-useful dept

Weren't we just discussing the idea of criminal liability for egregious security problems with data? And... weren't we also just discussing Sears' offering to install spyware on your computer without much notice and all in the name of community? Well, let's combine those two stories. Ben Edelman has been doing some more digging on the Sears website and discovered a rather massive security hole allowing you to look up the purchases at Sears of just about anyone so long as you know their name, address and telephone number. As Edelman notes, this appears to be in direct violation of Sears' own privacy policy (and, well, common sense, but that's a different story...). So, now, Sears.com is spying on users without making it all that clear and revealing all customer purchase data with poorly implemented security. It's not a particularly comforting picture.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ben edelman, privacy, security, shopping data
Companies: sears

Reader Comments

Subscribe: RSS

View by: Time | Thread

  1. identicon
    Anonymous of Course, 4 Jan 2008 @ 12:14pm

    Oh come on now...

    I'd like to know if this community site was
    created in house by Sears, of if they hired
    a developer to do the work. That sort of
    defect in security is for n00bs. It's the
    developer that should be castigated.

    I do not work at Sears. I do not shop at
    Sears. There is no Sears store within
    fourty miles of my home. But here's the

    Sears is in business to sell stuff- and most
    of the stuff they sell is ok. The hand tools
    are almost good. So the community web site
    was botched. Yeah, it's a problem, Sears should
    thank people for bringing it to their attention
    and fix it now. I don't see it as a rational
    basis to impune the entire company's reputation.

    This seems to excite the knee jerk reaction
    "big company, bad!" from some people. It
    seems that Big has become a pejorative term
    in nearly any case but government and fast

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.