O'Reilly Data Breach: 100,000 User Profiles Risk From Coding Flaw
May 13, 2002
•
Anthony Pell
1 min read
Hardcore geek publishing house O'Reilly & Associates recently exposed their database of approximately 100,000 online users to outsiders, courtesy of a Web coding slip-up that their techie customer base might scoff at.. . . Hardcore geek publishing house O'Reilly & Associates recently exposed their database of approximately 100,000 online users to outsiders, courtesy of a Web coding slip-up that their techie customer base might scoff at.
O'Reilly's main Web site, as well as connected sites like Perl.com and XML.com, offer visitors free password-protected accounts for posting comments and subscribing to the publisher's e-mail lists.
Until Monday, clicking on a link for reviewing and changing your user profile would land you at a URL of the form https://www.oreilly.com/
It turns out the number at the end is a sequentially-assigned user I.D., and by simply substituting other numbers one could browse or modify other people's profiles. The profiles include full name and email addresses, and, more rarely, physical mailing address, employer, title and phone number.
The link for this article located at SecurityFocus is no longer available.
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!