A New Jersey man trying to key in a coupon code at
Barnesandnoble.com yesterday found himself in another customer's account
with access to that person's personal information.
The man, who identified himself as Ken, said that he tried to use the
coupon to purchase two books and was given access to the address, phone
number, address book, email address and a list of past purchases of a New
York woman. Her credit card information was not able to be viewed.
Contacted by CNET News.com, the woman confirmed the information was hers.
A spokesman for Barnesandnoble.com, the Net spinoff of Barnes & Noble, said
the company is running diagnostic tests to determine the source of the
security leak and said it believes the incident was isolated.
"We believe (the problem) to be a faulty link that allowed one customer to
see another customer's order information," spokesman Gus Carlson said. "It
is important to note that at no time was any customer credit card
information displayed on the site--indeed, customer credit card information
is never displayed."
System glitches have plagued e-commerce sites since the Internet's creation and undermine customer faith in online shopping, analysts say. The list
of companies that have suffered a security breach is long. The latest
example came last week, when Yahoo acknowledged that faulty software had caused some account holders' to get locked out of their accounts until Yahoo reinstated them.
Microsoft has battled to plug
security holes in its Internet Explorer browser and Web management software
in recent months. In February, the Web site of tax preparation stalwart H&R
Block exposed some customers'
private financial information.
The woman whose information was exposed said Barnesandnoble.com will have to
explain the cause in detail if she is to shop there again. She said she
works for a company that troubleshoots system problems like the one
"This shouldn't be happening," she said. "You are not surprised to hear
about a problem like this at a small site, but for it to happen to a big
company like them--it makes me nervous to shop on the Web ever again."