M&S calls in security consultants


Retailer Marks & Spencer has called in security consultants after a programming blunder gave the public access to confidential system passwords.

Bill Goodwin

M&S disclosed this week that an error on its Web site transferred customers to a "dump file" containing two system passwords when they clicked on one of the site's links. But the retailer denied that the passwords would have allowed hackers easy access to M&S systems.

"The file gave details of two out of five systems passwords," M&S said. "A hacker would not have got far with them. You have to use the passwords in the right sequence in the right areas. Even with the passwords you still have to negotiate around firewalls."

M&S uses the dump files to record the movements of visitors to its sites. In addition to the two system passwords, the files contain an encrypted copy of each customer's password and details of that customer's activity on the site.

The retailer said it fixed the problem within hours of it being detected by automatic monitoring software. It has called in consultants to ensure that the problem is not repeated.

This was first published in October 2000

