Image credit: Drew Angerer/Getty Images

Saks Fifth Avenue left customer data exposed to the public

Email addresses and phone numbers were kept in the open.

Sometimes, hackers don't have to lift a finger to swipe valuable shopping data -- it can be sitting right out in the open. BuzzFeed News has found that Saks Fifth Avenue was storing info for tens of thousands of customers in plain text on their servers. There was no payment data, thankfully, but the content revealed email addresses, phone numbers, internet addresses and product IDs. If a malicious visitor wanted to commit identity fraud or scam a customer, they had at least some of what they needed.

The brand's Canadian parent, Hudson's Bay Company, has since taken the info down while it works on a solution, and says that only "some email addresses" were affected. HBC maintains that it follows "industry best practices" for security, but that isn't really the case when anyone snooping around its web code could have found the info. BuzzFeed adds that the sites have an inconsistent approach to web encryption, protecting certain pages (such as the login page) but not others. Someone on the same local network could grab unencrypted web traffic and potentially use it to compromise an account.

While there's currently no evidence to suggest that someone made off with the data before it was taken down, the discovery isn't very reassuring. It suggests that online shops are still making basic security mistakes, and don't always realize that even limited data exposure can be very dangerous. It only takes a nosy intruder to turn a blunder like this into a serious incident.

Update: BuzzFeed has since learned that only Saks was affected, not associated brands like Gilt and Lord & Taylor -- we've updated the article accordingly.
