Barnesandnoble.com exposes customer's information

A New Jersey man trying to key in a coupon code at Barnesandnoble.com finds himself in another customer's account with access to personal information.

Greg Sandoval Former Staff writer
Greg Sandoval covers media and digital entertainment for CNET News. Based in New York, Sandoval is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at @sandoCNET.
Greg Sandoval
2 min read
A New Jersey man trying to key in a coupon code at Barnesandnoble.com yesterday found himself in another customer's account with access to that person's personal information.

The man, who identified himself as Ken, said that he tried to use the coupon to purchase two books and was given access to the address, phone number, address book, email address and a list of past purchases of a New York woman. Her credit card information was not able to be viewed.

Contacted by CNET News.com, the woman confirmed the information was hers.

A spokesman for Barnesandnoble.com, the Net spinoff of Barnes & Noble, said the company is running diagnostic tests to determine the source of the security leak and said it believes the incident was isolated.

"We believe (the problem) to be a faulty link that allowed one customer to see another customer's order information," spokesman Gus Carlson said. "It is important to note that at no time was any customer credit card information displayed on the site--indeed, customer credit card information is never displayed."

System glitches have plagued e-commerce sites since the Internet's creation and undermine customer faith in online shopping, analysts say. The list of companies that have suffered a security breach is long. The latest example came last week, when Yahoo acknowledged that faulty software had caused some account holders' to get locked out of their accounts until Yahoo reinstated them.

Microsoft has battled to plug security holes in its Internet Explorer browser and Web management software in recent months. In February, the Web site of tax preparation stalwart H&R Block exposed some customers' private financial information.

The woman whose information was exposed said Barnesandnoble.com will have to explain the cause in detail if she is to shop there again. She said she works for a company that troubleshoots system problems like the one Barnesandnoble.com experienced.

"This shouldn't be happening," she said. "You are not surprised to hear about a problem like this at a small site, but for it to happen to a big company like them--it makes me nervous to shop on the Web ever again."