Live: Best Cyber Monday Deals Live: Cyber Monday TV Deals Tech Fails of 2022 Deals Under $10 Deals Under $25 Deals Under $50 Streaming Deals on Cyber Monday Cyber Monday Video Game Deals
Want CNET to notify you of price drops and the latest stories?
No, thank you

Glitch reveals customer information

The online store says it has repaired an automated product return mechanism that exposed customers' names, phone numbers and addressees over the Internet.

Online store said Thursday it has repaired an automated product return mechanism that exposed customers' names, phone numbers and addressees over the Internet.

"We resolved it as quickly as we could," said vice president of operations Tom Wright. "We clearly understand that it's probably sensitive information to our customers."

The problem came through a merchandise return system jointly run by and United Parcel Service. Filling out an electronic form generates a Web page with a return shipping label that a customer can print. By modifying a number in the Web address, a person can sift through a large database of mailing labels.

Harvard student Ben Edelman said he discovered the breach Thursday when returning some merchandise. An email from the system contained the Web address, and it was a simple matter to change it and discover other customer accounts, he said. "This doesn't look very secure," he said upon reading the email.

CNET verified the breach.

The issue is similar to a series of problems that have plagued e-commerce Web sites. took its site down when a breach allowed people to view customer orders, the types of credit card used and other information.

Netmarket, and IKEA also have suffered similar problems.

The security breach happened on servers maintained by UPS, Wright said. UPS and worked together to correct the situation, he said.

Edelman notified of the problem Thursday afternoon. The company said it fixed the problem later in the afternoon such that customers could see shipping labels only after providing their own electronic account numbers.

Customer information still was visible at 6:40 p.m. PT after said it had been fixed, but Travis Fagan, vice president of customer support, said it takes some time for the repair to spread across the system.

The information was "useless," said Wright, characterizing it as no different from what a person could see looking at a box of outgoing mail in the office.

But there are some differences from what a person could find in an ordinary mailbox.

For one thing, the information revealed who exactly purchased from, which sells computer hardware and software, consumer electronics, sports equipment, music and other products. In addition, the information was available online, making it possible to create a program that would collect the information automatically.