Sears Closes Part of Site, Concedes Purchases Revealed

 
 
By Evan Schuman  |  Posted 2008-01-06 Email Print this article Print
 
 
 
 
 
 
 

The retailer shuts down its Manage My Home site after a blogger shows the site was revealing customer information.

On the heels of admitting that it was using spyware on one of its e-commerce sites, Sears officials said Jan. 4 they were temporarily shutting down part of another Sears e-commerce site after discovering that it allowed consumers to see explicit details about the purchases of other customers. The Sears move came hours after Harvard Business School Assistant Professor Benjamin Edelman published details on how consumers using Sears' Manage My Home site could find detailed purchase histories about other Sears shoppers merely by typing in their name, phone number and street address into the site.
"Sears offers no security whatsoever to prevent a ManageMyHome user from retrieving another person's purchase history," Edelman wrote on his blog. "To verify a user's identity, Sears could require information known only to the customer who actually made the prior purchase. For example, Sears could require a code printed on the customer's receipt, a loyalty card number, the date of purchase, or a portion of the user's credit card number. But Sears does nothing of the kind. Instead, Sears only requests name, phone number, and address, which is all information available in any White Pages phone book."
Edelman posted several examples, referencing incidents from Washington, the town of Brookline, Mass. and Lincoln, Mass. Sears said in a statement that, because of these privacy concerns, "we have turned off the ability to view a customer's purchase history on Manage My Home until we can implement a validation process that will restrict access by unauthorized third parties." Retail Center Editor Evan Schuman can be reached at eschuma@earthlink.net.
Check out eWEEK.com's Retail Center for the latest news, views and analysis on technology's impact on retail.
 
 
 
 
Evan Schuman is the editor of CIOInsight.com's Retail industry center. He has covered retail technology issues since 1988 for Ziff-Davis, CMP Media, IDG, Penton, Lebhar-Friedman, VNU, BusinessWeek, Business 2.0 and United Press International, among others. He can be reached by e-mail at Evan.Schuman@ziffdavisenterprise.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Close
Thanks for your registration, follow us on our social networks to keep up-to-date
Rocket Fuel