Details of thousands of credit cards were left temporarily exposed on the internet by a UK video retailer after it upgraded its website 10 days ago.

An investigation by vnunet.com's sister title Computeractive, revealed that details from more than 11,500 customers held by Bensonsworld.co.uk could have been easily accessed, by altering the web address in a browser accessing its site.

The retailer, the website of 20-year-old London-based retailer Bensons, confirmed the problem and said it was taking precautions to prevent access to the data. It locked access to the website on Monday afternoon by password protecting it.

Through making a simple change to the URL shown in the web browser visitors could have accessed customer credit card details plus their full names, addresses, phone number and passwords. Passwords for customers MSN Hotmail accounts could also be viewed.

Ron Benson, managing director of Bensonsworld told vnunet.com that details could have been seen. "I'm very concerned that this could have happened. We've resolved the problem and are taking every possible precaution to ensure this doesn't happen again."

Benson said the problem arose after it changed the way its website was hosted. Wiss provides the company with bandwidth connectivity and server space in its Telehouse-based facility. Ten days ago, Bensonsworld switched from a server shared with other sites to a dedicated server.

David Wiss, managing director of Benson's supplier, said: "Once Bensons switched to a dedicated server, security of their website became their responsibility. We provide hardware, software and connectivity we do not pretend to be security consultants."

Matt Tomlinson, business development director at MIS Corporate Defence Solutions, said: "That's a massive security problem. If you're going to have a web presence, you must keep your customer details in a separate area of your network from your web pages. At the very least, they should be in a demilitarised zone [separate area off the firewall] and have a separate level of security."

The security fix, however, came too late to save the website being suspended from comparison shopping website Shopsmart.

See also:

Which? blunder exposes credit card details

The Consumers' Association should be thrown out of its own Which? Web Trader internet shopping assurance scheme after it allowed the credit card details of 2700 customers to be published online, according to a leading security expert.  22 Jun 2001

Security consultants to be licensed

IT security consultants could soon join wheel-clampers and bouncers in having to apply for licences.  06 Mar 2001

Web payment service under fire

Internet payment processing organisation WorldPay was criticised last week after a customer found that their website had suffered losses because credit card payments had not been cleared.  01 Nov 2000

Security software sales soar

Fuelled by the rising need to secure ebusiness systems, the worldwide security software market will grow by 22 per cent a year, according to a survey published this week.  04 Oct 2000

HSBC web host under fire over fuel hack

The external supplier believed to be responsible for managing the areas of HSBC's website vandalised by a hacker this week has been criticised in connection with the incident.  22 Sep 2000

Security attitudes in the firing line

Prepare for the worst with a security policy that defends your network against hacker attacks and malicious emails.  20 Sep 2000

HSBC internet sites hacked

HSBC's UK internet site and three of its international sites have been hacked as part of an ongoing campaign in support of the fuel protest.  20 Sep 2000

Weak security found in many web servers

One in three supposedly secure ebusiness servers are using software with known security weaknesses, and European sites are the worst offenders, according to a survey.  07 Sep 2000

Hacker insurance becomes a priority

Insurance firms are hoping for a boom in business as companies scramble to protect themselves against the rise in computer crime.  05 Sep 2000

Security: how safe is your data?

While security has always been an issue, the ability of organisations and individuals to keep their confidential data safe not only from prying eyes but also from attack is becoming an ever greater concern. The problem is becoming particularly marked as the world becomes more networked and companies conduct increasing amounts of business over the internet. Here we look at a range of issues that are starting to affect every one of us.  29 Jun 2000

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!