Live: Samsung Unpacked Live Updates Apple HomePod 2 Review Apple Earnings Preview Resurrecting the Dodo COVID Emergency to Expire DOJ Eyes Tesla Self-Driving DC's 'Gods and Monsters' Slate Salami, Sausage Recalled
Want CNET to notify you of price drops and the latest stories?
No, thank you

Gaffe at Amazon leaves email addresses exposed

Just days after tightened its privacy policy, a bug in one of its Web pages exposes numerous email addresses of the site's Affiliate members.

Just days after tightened its privacy policy, a bug in one of its Web pages exposed numerous email addresses of the site's Affiliate members.

Amazon spokesman Bill Curry acknowledged the flaw earlier today, and the company proceeded to fix the problem within several hours of being contacted by CNET

Dave English, who runs a software quality assurance company in New Hampshire, discovered the problem while trying to update his company's links for the Amazon Affiliate program, which pays members a commission when they refer shoppers to Amazon's stores.

The Web page that helps Affiliate members when they have forgotten their password was the source of the privacy breach.

When a person clicked the link to retain a member password, the box designated for email addresses became filled with other members' addresses. By briefly testing the page, CNET mined several email addresses by refreshing the Web browser.

"If you enter an email address and then keep refreshing it, it will pop up another address," English said.

"The big problem here is someone could write a quick program in under 10 minutes to automatically keep refreshing the page and grabbing the email addresses," he said. "I could leave (the program) running all day and easily scoop up hundreds or thousands of addresses if I wanted to."

"It was a bug," Curry said. "The only thing it did was to reveal the email addresses of other associates; there was no account information and no customer information revealed at all."

Software flaws like this are commonplace on the Web. Home furnishings retailer IKEA shut down its catalog Web site yesterday after its database of detailed customer information was exposed to the public.

"There's a whole category of data spills where it's like, 'Oops, everyone can see everyone's email addresses or personal information,'" said Deborah Pierce, a lawyer at the Electronic Frontier Foundation.

As a result, consumer fear about sending sensitive information via the Web is growing. And Internet businesses are responding by issuing new privacy policies.

Last week, Amazon said it would email millions of customers about its new, revamped privacy policy.