* via http://theMezz.com/lists
* subscribe at http://techPolice.com
Fleet credit card Web site flawed
Hole exposes hundreds of thousands of transaction records
By Bob Sullivan
MSNBC
Dec. 7 — A Fleet Credit Card Services customer has discovered a serious flaw in
one of the bank’s Web sites, apparently revealing private details of hundreds of
thousands of transactions. The details, viewed by MSNBC.com, include Social Security
numbers, account numbers, places of employment, and annual income. The site,
mycard.fleet.com, is used by Fleet credit card customers to maintain their credit card
accounts. The flaw had not been fixed as of 8 p.m. ET on Friday.
FLEET CREDIT CARD SERVICES, a division of FleetBoston Financial, was
advised of the problem around 4 p.m. ET on Friday, according to customer Jonathan
Bryce. He found the flaw while checking his account earlier in the day.
Bryce contacted MSNBC.com after the company failed to return his phone calls. A
spokesperson for Fleet said he wasn’t able to immediately comment on the situation.
The hole makes it possible to view records of transactions recorded at the site
dating back to April of 2000. Many of the transactions are mundane address request
changes or simple balance transfers that don’t reveal any private information. But
others include much private information, including everything needed for identity
theft.
It appears that nearly 600,000 transaction records are exposed to the flaw.
Bryce, a Web developer for RackSpace Managed Hosting in San Antonio, found the
bug at work “out of curiosity.” He said he generally likes Fleet and the company’s Web
site because it offers great flexibility and allows him to maintain multiple accounts.
But he was frustrated by the bank’s lack of responsiveness to his call to
report the
problem.
“I’m a customer and I want this fixed ... everything I’ve ever done there is
viewable by anyone right now,” Bryce said. “I spoke with three different people there,
customer service types. One said the IT department was moving and they couldn’t get
anyone to talk to me, maybe not until Monday.”
Fleet Credit Card Services is headquartered north of Philadelphia in Horsham,
Penn. Fleet provides consumer credit card, credit products and related services
throughout the U.S. According to a recent company statement, the firm has over 9
million accounts and $15 billion in managed receivables, making it the ninth largest
Visa/MasterCard issuer in the nation.
It is not immediately known how many of those cardholders use the
mycard.fleet.com Web site to maintain their accounts.
============================================================
LOOKING FOR FREE COUPONS? Visit the #1 coupon site on the
Web - CoolSavings! Save big on groceries, clothes, babies &
kids stuff and much more! Click here to enroll!
http://click.topica.com/caaadTTb1dhr0b2EDp2f/CoolSavings
============================================================
--via http://techPolice.com
archive: http://theMezz.com/cybercrime/archive
subscribe: [EMAIL PROTECTED]
--via http://theMezz.com
==^================================================================
This email was sent to: archive@jab.org
EASY UNSUBSCRIBE click here: http://topica.com/u/?b1dhr0.b2EDp2
Or send an email to: [EMAIL PROTECTED]
T O P I C A -- Register now to manage your mail!
http://www.topica.com/partner/tag02/register
==^================================================================
