http://www.theregister.co.uk/2012/11/08/google_compare_identity_theft/ By John Lettice The Register 8th November 2012 Exclusive -- A security flaw accessible via Google's UK motor insurance aggregator Google Compare has potentially exposed vast numbers of drivers to identity theft. The vulnerability, the existence of which has been verified by The Register, made it possible for comprehensive personal details - including names, addresses, phone numbers and job - to be harvested at will. Information about the flaw was passed to The Register last week by a source who wishes to remain anonymous, but who is familiar with motor insurance aggregation systems. The data could be accessed via a simple edit of a motor insurance proposal form. The Register created a fictitious motorist for this purpose, and completed an online proposal form using Google Compare. Google Compare sends this form to numerous underwriters - there can be at least 100 of these - and then Google offers you details of the companies that wish to offer a quote, together with their prices. Some of these companies' quotes, however, can be illicitly accessed. After we had made a simple edit to a vulnerable document, we were no longer viewing our own proposal form, but those of unrelated individuals. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Fri Nov 09 2012 - 01:22:36 PST
This archive was generated by hypermail 2.2.0 : Fri Nov 09 2012 - 01:29:10 PST