M&S calls in security consultants

Retailer Marks & Spencer has called in security consultants after a programming blunder gave the public access to confidential system passwords.

Bill Goodwin

M&S disclosed this week that an error on its Web site transferred customers to a "dump file" containing two system passwords when they clicked on one of the site's links. But the retailer denied that the passwords would have allowed hackers easy access to M&S systems.

"The file gave details of two out of five systems passwords," M&S said. "A hacker would not have got far with them. You have to use the passwords in the right sequence in the right areas. Even with the passwords you still have to negotiate around firewalls."

M&S uses the dump files to record the movements of visitors to its sites. In addition to the two system passwords, the files contain an encrypted copy of each customer's password and details of that customer's activity on the site.

The retailer said it fixed the problem within hours of it being detected by automatic monitoring software. It has called in consultants to ensure that the problem is not repeated.


This was first published in October 2000