Price comparison sites subject to security backdoor.

September 1, 2010

PC Pro have discovered, via a reader tip-off, that they can access the history of an account holder by using a few simple details.

It seems that both Confused.com and Comparethemarket.com suffer from a simple attack that anybody could carry out.

By using the “retrieve a quote” button they were able to gain access to telephone numbers, car registration and make details, occupation, personal details of spouse as well as property details where house insurance quotes were available.

To achieve this, the only data required was an email address, surname and date of birth – all of this information is easily harvested from social networking sites like Facebook.

Think Safe

Now it may seem that Facebook is being tarred with the same old blame game brush, but the fact is there are over 500 million users on Facebook making much of this simple, yet valuable, data available without a second thought. Think how this data relates to the questions asked when applying for an account: mother’s maiden name, your favourite pet, etc.

In addition, think carefully about data you send via email. Spammers regularly request data posing as a trusted source, such as your bank or a close friend.

And even the famous get caught out. Recently Gaby Roslin got an email from a distressed friend notifying her that she had been mugged and had no money, and asking her to wire some over. It wasn’t until she double checked that she discovered it was a scam. But the worst part is the friend had disclosed her password to a scammer posing as a Hotmail representative. They were then able to scan her email account to find out information about her. They also had the address book so proceeded to email everyone regarding her “terrible ordeal”.

And to compound the issue, the friend also used the same password for multiple accounts on numerous web sites.

Clearly hadn’t read my password article.