* via http://theMezz.com/lists * subscribe at http://techPolice.com
Fleet credit card Web site flawed Hole exposes hundreds of thousands of transaction records By Bob Sullivan MSNBC Dec. 7 — A Fleet Credit Card Services customer has discovered a serious flaw in one of the bank’s Web sites, apparently revealing private details of hundreds of thousands of transactions. The details, viewed by MSNBC.com, include Social Security numbers, account numbers, places of employment, and annual income. The site, mycard.fleet.com, is used by Fleet credit card customers to maintain their credit card accounts. The flaw had not been fixed as of 8 p.m. ET on Friday. FLEET CREDIT CARD SERVICES, a division of FleetBoston Financial, was advised of the problem around 4 p.m. ET on Friday, according to customer Jonathan Bryce. He found the flaw while checking his account earlier in the day. Bryce contacted MSNBC.com after the company failed to return his phone calls. A spokesperson for Fleet said he wasn’t able to immediately comment on the situation. The hole makes it possible to view records of transactions recorded at the site dating back to April of 2000. Many of the transactions are mundane address request changes or simple balance transfers that don’t reveal any private information. But others include much private information, including everything needed for identity theft. It appears that nearly 600,000 transaction records are exposed to the flaw. Bryce, a Web developer for RackSpace Managed Hosting in San Antonio, found the bug at work “out of curiosity.” He said he generally likes Fleet and the company’s Web site because it offers great flexibility and allows him to maintain multiple accounts. But he was frustrated by the bank’s lack of responsiveness to his call to report the problem. “I’m a customer and I want this fixed ... everything I’ve ever done there is viewable by anyone right now,” Bryce said. “I spoke with three different people there, customer service types. One said the IT department was moving and they couldn’t get anyone to talk to me, maybe not until Monday.” Fleet Credit Card Services is headquartered north of Philadelphia in Horsham, Penn. Fleet provides consumer credit card, credit products and related services throughout the U.S. According to a recent company statement, the firm has over 9 million accounts and $15 billion in managed receivables, making it the ninth largest Visa/MasterCard issuer in the nation. It is not immediately known how many of those cardholders use the mycard.fleet.com Web site to maintain their accounts. ============================================================ LOOKING FOR FREE COUPONS? Visit the #1 coupon site on the Web - CoolSavings! Save big on groceries, clothes, babies & kids stuff and much more! Click here to enroll! http://click.topica.com/caaadTTb1dhr0b2EDp2f/CoolSavings ============================================================ --via http://techPolice.com archive: http://theMezz.com/cybercrime/archive subscribe: [EMAIL PROTECTED] --via http://theMezz.com ==^================================================================ This email was sent to: archive@jab.org EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2 Or send an email to: [EMAIL PROTECTED] T O P I C A -- Register now to manage your mail! http://www.topica.com/partner/tag02/register ==^================================================================