As shown in last week's incident

May 12, 2008 07:16 GMT  ·  By

Most of us would expect an award wining company like Renault not to have any issues with security on their websites. But it appears some of our expectations are rather too high, as proven by an incident that occurred last week. One of the company's websites, namely the one in Great Britain, hosted a Grand Prix competition, of which it was later reported to have leaked its entrants' personal information.

The British subsidiary of the motoring company is offering 600 pairs of tickets, in total, for users wanting to attend the British Grand Prix on 4, 5 and 6 July 2008. The tickets can be won by users who participate in a web-based competition promoted via email. Any of the users receiving this email were supposed to click a provided link, which would lead them to fill-in form page. Nevertheless, the fields featuring the name, postcode, email address and phone number presented the user with the personal data of the most recent entrant.

If the user was to refresh the specified webpage, he was displayed the details of another user, who in the meanwhile, had just registered for the competition. It appears that the page in question also featured a link leading to Renault's privacy statement, which seemed rather ironic. Delivering personal data in this manner can enable phishing fraudsters to collect it very easily by using a script.

The issue has been resolved after the Renault UK's webmasters received an email, on Thursday, specifying the details of the problem. As of 14.15 BST, the same day, users wanting to enter the Grand Prix ticket competition did not have their information published on the web, as it happened to the ones before them. The fast reaction time of the Renault webmasters in resolving this issue was indeed remarkable, but the incident left a few questions pending, concerning the integrity of security on the Renault UK website.