recent work

Customers of comparethemarket.com and confused.com – their data at risk of disclosure

 

ZDNet has today reported that weak authentication has left customers of comparethemarket.com and confused.com with their data at risk of disclosure.

When customers of comparethemarket.com ‘retrieve their quote’, the level of authentication just ‘isn’t strong enough’, says Sean Sullivan, Security Advisor for F-Secure labs.

“Email, surname and birth-date is not good enough. Black-hat scripts can scrape data from Facebook accounts,” said Sullivan. “Just throw it into a database and write a script to enter the data [on the Comparethemarket.com prompt page]. I have no doubt someone would try it.”

With competitive prices for such information in the world of cybercrime, it isn’t hard to see how an individual’s personal data could be passed on without knowledge or agreement. Similarly, confused.com customers, who forget their password, pass through an incredibly simple retrieval process, and with the questions asked in this process easily obtained, authentication is inadequate, says  technology publication PC Pro.

Comment

Our interest in this article here at Absolute Data was fuelled because we are constantly advising clients about privacy risk management and the activities of third parties in undertaking “unauthorised” independent and uncontrolled risk assessments of the data processing of other companies.  We preach that it’s far better to have your own risk assessment regime than to have third parties potentially with axes to grind carrying them out.

To view the whole article, please go to:http://www.zdnet.co.uk/news/security/2010/09/03/experts-data-at-risk-on-price-comparison-sites-40089993/

For more information on Absolute Data Risk Assessments contact us at info@absolute-data.co.uk