?

Log in

 
 
31 July 2011 @ 10:53 pm
The privacy of Rewards member e-mail addresses? (Revisited)  
On April 23, someone posted a link to a public Brierley.com website where anyone could look up any Borders Rewards member by Rewards card number, e-mail address, or phone number (last 7 digits only).

That public website is still there today. Modifying an account is now disabled but lookup still works. Was this site ever taken down after it was revealed here, or did someone mistakenly put it back up?

(This post is member-locked to discourage Google, Bing, DukGo, etc. from finding it.) Not anymore -- see first comment by rufinia

ETA, August 2, 11:50 am: The web form at Brierley.com is no longer publicly available. You just get a blank page now. Thank you, whoever got this fixed.
 
 
rufinia on August 1st, 2011 03:40 am (UTC)
Ron, member locked means a) a LOT of people will not see this post at all (there are a number of people who are not LJ members who use this) and b) means the ones who ARE LJ members can't answer anonymously, and even with the company going down, is still the safest bet.

ron_newman on August 1st, 2011 03:43 am (UTC)
OK, I'll unlock it, though I'm still concerned about lots more people finding that page as a result.
(no subject) - rufinia on August 1st, 2011 03:47 am (UTC) (Expand)
(no subject) - ron_newman on August 1st, 2011 04:06 am (UTC) (Expand)
(no subject) - denardo on August 2nd, 2011 12:09 am (UTC) (Expand)
(no subject) - ron_newman on August 2nd, 2011 01:44 am (UTC) (Expand)
(no subject) - denardo on August 2nd, 2011 02:23 am (UTC) (Expand)
(no subject) - (Anonymous) on August 2nd, 2011 04:37 am (UTC) (Expand)
(no subject) - wild_rhino on August 3rd, 2011 01:19 pm (UTC) (Expand)
(no subject) - denardo on August 3rd, 2011 01:43 pm (UTC) (Expand)
(no subject) - ron_newman on August 5th, 2011 02:48 pm (UTC) (Expand)
(Anonymous) on August 1st, 2011 05:02 am (UTC)
This site was made inaccessible, somehow, shortly after the initial post. I can't begin to comprehend why it's open to the web again. It's too bad the ability to modify an account is disabled because I would be sure to remove my own e-mail address!

Rufinia -- I don't think that just because the BR+ discount ends on August 5th that the BR database will just be trashed. The information could still be sold -- nothing in the privacy policy explicitly prohibited Borders from one day selling or transferring customer information to another party.
ron_newman on August 1st, 2011 05:27 am (UTC)
The customer information will be sold. See this motion. Hopefully to another bookseller rather than to a gang of spammers, but who knows?
(no subject) - (Anonymous) on August 1st, 2011 07:35 am (UTC) (Expand)
(no subject) - (Anonymous) on August 2nd, 2011 03:48 am (UTC) (Expand)
May as well change your email addresses now - (Anonymous) on August 2nd, 2011 03:09 pm (UTC) (Expand)
(Anonymous) on August 1st, 2011 05:36 am (UTC)
867-5309 is the phone number of Pidgie Scoot. aescott@somethingorother.net

and Jimmy Cliff and Spaceman Spliff. abe vigoda Autumn Beaver.

This info will sell for big money at the data-miners auction.
(Anonymous) on August 1st, 2011 06:24 pm (UTC)
thank you!
Thank you for the information! You've performed a great function. -Google
(Anonymous) on August 1st, 2011 07:50 pm (UTC)
Bad, very bad. You knew, of course, that Borders' only value was from its database, which they promised to "keep secure." That's the only good to anybody this moaning corpse of a company was. Privacy? On the internet?
Really? Who knew?
(Anonymous) on August 2nd, 2011 03:49 am (UTC)
Oh, and also the value from it's magnificently glorious website!
(Anonymous) on August 2nd, 2011 05:04 am (UTC)
That "Website"
It's hilarious that they announce Borders stores are closing but Borders.com is "open". Except all sales are final, lots of items are out "out of stock" and back ordered, and many items are no longer discounted.
Re: That "Website" - (Anonymous) on August 2nd, 2011 11:42 am (UTC) (Expand)
Re: That "Website" - (Anonymous) on August 2nd, 2011 04:28 pm (UTC) (Expand)
(Anonymous) on August 2nd, 2011 01:43 am (UTC)
I still think a class action suit is appropriate
I personally entered hundreds of emails and assured folks of their security.

When I discovered the link last year and reported it, I was horrifed by the dead silence from corporate.
The site was down after I went public but yes it is now back and I am stunned by this.
If someone wants to find a lawyer, I have all of my correspondence with borders and open mike.

Underperformer.
(Anonymous) on August 2nd, 2011 04:33 am (UTC)
Re: I still think a class action suit is appropriate
I think you'd need to be able to prove there was some kind of damage done to file a suit.

I sent a message directly to Brierly (www.brierly.com) to let them know about the breach. They might wonder who Pidgie Scoot is, but maybe they'll do something about it.
Re: I still think a class action suit is appropriate - (Anonymous) on August 2nd, 2011 11:48 am (UTC) (Expand)
Re: I still think a class action suit is appropriate - (Anonymous) on August 2nd, 2011 05:31 pm (UTC) (Expand)
(Anonymous) on August 2nd, 2011 03:15 pm (UTC)
Re: Email privacy
Crap. I entered thousands of email addresses, and assured people their info would be confidential and private.

Way to screw up your own bankruptcy, AA.
(Anonymous) on August 2nd, 2011 02:30 am (UTC)
So many of the emails and phone numbers we all entered were fake. Either that or get written up. Wouldn't it be nice if the list was largely unusable? HAHAHAHA!

Well, you get what you pay for.
KanojoNoCarrera on August 2nd, 2011 08:21 am (UTC)
Yeah, I did contribute a few "fake e-mails" back when the card was free. Then one of my co-irkers did the same idea, only she did it with the BR+. Her method involved getting Senior Citizens into BR+ by making up an e-mail.
you should have been fired - (Anonymous) on August 11th, 2011 02:53 am (UTC) (Expand)
Re: you should have been fired - KanojoNoCarrera on August 11th, 2011 08:58 am (UTC) (Expand)
Re: you should have been fired - (Anonymous) on August 15th, 2011 02:32 pm (UTC) (Expand)
Re: you should have been fired - KanojoNoCarrera on August 15th, 2011 07:38 pm (UTC) (Expand)
(Anonymous) on August 2nd, 2011 12:33 pm (UTC)
This topic? Who gives a flying fuck?
ron_newman on August 2nd, 2011 12:35 pm (UTC)
Customers who put their names and e-mail addresses into this database, not expecting them to be made available to the public.
(Anonymous) on August 2nd, 2011 03:26 pm (UTC)
It's gone again.
(Anonymous) on August 2nd, 2011 03:29 pm (UTC)
Safe again?
That website appears to be unavailable again, at least to the public. The link just takes you to a blank page.
ron_newman on August 2nd, 2011 03:57 pm (UTC)
Re: Safe again?
Glad to see this. I edited the original post appropriately.
(Anonymous) on August 2nd, 2011 05:22 pm (UTC)
I can still get in through a back door.
(Anonymous) on August 2nd, 2011 06:33 pm (UTC)
EW. Everybody goes in your back door.
(Anonymous) on August 2nd, 2011 08:14 pm (UTC)
Who The Bleep Cares?
It's over. Borders is DEAD. Forget about it all. What's the point?

If you people would have cared enough about managing the damn business they way you debate "never gonna happen" class action suits you might not have gone bankrupt.

What a wast of time. It's Freakin Over.
ron_newman on August 2nd, 2011 08:25 pm (UTC)
Re: Who The Bleep Cares?
You don't think getting that web site taken down was a constructive thing to do?

(And I'll repeat my answer to someone else above who asked the same thing: the people who might care are those whose names, phone numbers, and e-mail addresses are in that database)

Edited at 2011-08-02 08:27 pm (UTC)
(Anonymous) on August 2nd, 2011 10:25 pm (UTC)
Re: Who The Bleep Cares?
Yup - my real name etc. is in there and I'd rather not have it available to anyone with an internet connection.

You must know that none of us here are in charge, but I think if (some of) the people on this board had been running the company, Borders might still be a going concern. Maybe.

And I'll care about the customers and the people I work with until the doors close, because I'm not going to give up being a decent human being just because I'm losing a job.
Re: Who The Bleep Cares? - (Anonymous) on August 2nd, 2011 11:02 pm (UTC) (Expand)
Re: Who The Bleep Cares? - (Anonymous) on August 3rd, 2011 02:22 am (UTC) (Expand)
Re: Who The Bleep Cares? - (Anonymous) on August 5th, 2011 06:33 am (UTC) (Expand)
KanojoNoCarrera on August 3rd, 2011 12:37 am (UTC)
"Thank you, whoever got this fixed."

Don't praise them just yet. They had a MAJOR security hole, and it took them TWICE to fix it. Well, once to fix the initial hole, and then somehow let it lapse into this again.