Marks and Spencer website leaks customers' details

Credit card details visible to other customers.

A fault with Marks and Spencer’s website allowed customers to see each others’ details when they logged into their own accounts.

The British retailer suspended its site for two hours on Tuesday night to fix the problem.

It said the glitch was the result of an internal error, rather than of an external hack attack.

It added that its customers’ full credit card details were not among the exposed information.

However, personal data, including names, dates of birth, contacts and previous orders were shown.

One user told the BBC he had seen another person’s account details when he tried to register a store loyalty card.

“It accepted my registration but then told me i had 9,000 sparks points which i thought was a bit odd,” said Mark Hill.

“So, I looked at the account details and despite saying ‘hi Mark’ , it was quite clearly an account belonging to a female in a different part of the country.”

Marks and Spencer has apologised for the error.

“Due to a technical issue, we temporarily suspended our website yesterday evening,” an M&S spokesman said.

“This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers.”

It is not yet clear how many people’s details were seen by other M&S customers as a result of the fault.

Source: http://www.bbc.co.uk/

Facebooktwittergoogle_plusredditlinkedinmail