Victoria's Secret Reveals Too Much

cbs ^ | 10-22-03

[wheelgunguru]

(AP) Victoria's Secret has agreed to pay a $50,000 fine to the state of New York while promising to improve computer security practices after a glitch on its Web site allowed viewers to browse other customers' online orders.

The lingerie stores' Columbus-based parent company, Limited Brands, said it fixed the problem within days of being notified by a customer last November. New York Attorney General Eliot Spitzer announced the fine and settlement with Limited on Tuesday.

A glitch in a feature allowing customers to check their order status allowed them to randomly call up other orders, seeing details such as sizes, prices, customer names and addresses. The faulty site didn't reveal credit card numbers or allow visitors to search orders by name.

The company is notifying about 560 customers who were affected nationwide by mail, spokesman Anthony Hebron said. New York was the only state to take legal action, he said Wednesday.

The settlement requires Victoria's Secret to provide refunds or credits to affected customers in New York. The company has not yet determined the number of customers in the state or the amount of potential refunds, Hebron said.

It also requires the company to establish an information security program and hire an external auditor to review it yearly.

[wheelgunguru]

allowed viewers to browse other customers' online orders

Oops! And, in other news, Bob's wife discovered Bob ordered her a size 4 teddy. Only, Bob's wife isn't a four. She's a fourteen!

[meyer]

I was really expecting a lot more from this thread. ;)

[AlbertWang]

What is Marv Albert buying these days?

[annyokie]

What!? Strangers know I ordered underpants and brasssieres?

The horror!

[Senator Pardek]

Strangers know I ordered underpants and brasssieres?

The horror!

No - strangers know I did!!!

[meyer]

No - strangers know I did!!!

Does that mean I'm no longer a stranger. Or maybe I'm just stranger...

[Wingy]

Shouldn't there be some pictures? Cavuto would run the tape!

[annyokie]

What size? ; )

[BlueNgold]

VS is not the concern .. now if Frederick's lets info get loose .. whoa daddy!

[null and void]

I was really expecting a lot more from this thread. ;)

I was expecting a lot LESS...

[Dan from Michigan]

Great minds think alike.

[Revolting cat!]

Sheesh! what a waste of a good thread title!

[Sofa King]

Can we at least get some pictures?

[lodwick]

[yevgenie]

Security hole was due to poorly configured/easily-guessed session ID token. By manipulating the cookie assigned by the server, you could assume another customer's identity.

[snopercod]

Oh Lord! I hope it doesn't get out that I ordered those camo-crotchless hunting overalls.

[Thumper1960]

Dang!

Bra's wayyyyyy too prudish!.

;-P

[putupon]

Victoria's Secret Reveals Too Much

OK, so I was chump went for the headline bait.

In sympathy for others fall for it, I'm posting this pic:

[wattsmag2]

Wonder if Bad Boy Bill's name came up on the order forms

[LimitedPowers]

Limited Brands... said it fixed the problem within days of being notified by a customer

Within days! They had to ship a postcard to India or something?