Seven months after initial contact, but only two days after posting on FD,
Chapters/Indigo has fixed the problems documented below. One more website
is a little safer thanks to FD.
Thanks also go to list member Terry Erickson for assisting with the
escalation process. Knowing who to forward the
I. SUMMARY
The Chapters/Indigo website (http://www.chapters.indigo.ca/) is vulnerable
to user name guessing at the login screen and personal information leaks
(name and address) in the Wish List function.
II. BACKGROUND
Chapters/Indigo is the largest book vendor in Canada, having over C$800M