BBC America Shop Leaks Customer Orders

BBC's America Shop website encountered a problem that not only allowed their customers to see each others billing information, but also made simple Google searches take people to the sensitive information containing pages.

According to DataBreaches, one of the customers of the site noticed the issue while googling his own name in the attempt to investigate the reasons for the large number of unsolicited emails he was receiving.

One of the search results led to the page which contained his order, but even more worryingly, by manipulating the URL from the browser's address bar, he could take a look at the orders of other customers who'd placed them starting in June 2011.

Fortunately, there was no credit card information and the records were not cached by Google, but the names, billing addresses, phone numbers, item numbers and email addresses were more than enough for the customers involved to become targets of shady marketers.

Unlike other similar scenarios we've recently witnessed, where an organization's staff doesn't know how to handle data breaches and information security, in this case, the issue was immediately resolved, BBC America Shops call center employees being trained on how to handle such situations.

It's unknown at the time if BBC America Shop plans on alerting the individuals involved in the incident, but they should, since they're probably responsible for a large quantity of spam they must be receiving.

This is what most companies should do in case they're faced with such situations, not like in the case of the Melbourne University hack, where the hacker was asked if he was selling software after he reported a large number of vulnerabilities.

The massive number of websites currently on the web makes it really hard to make sure each one of them has a watertight security and that's why companies should implement policies that regard data breaches and the way they are handled.