[ISN] Storage Company's Online Security Breach Exposed

InfoSec News isn at c4i.org
Thu Jun 29 04:52:55 EDT 2006


By Sue Kwon
Jun 27, 2006

(CBS 5) A CBS 5 investigation has confirmed a security breach at a
popular self-storage company that may have exposed customers' private
information on its website.

AAAAA Rent-A-Space has taken its online payment system offline and is
notifying thousands of customers to check for identity theft after CBS
5 told the company about a flaw on their website.

Howard Fortner describes the security at AAAAA Rent-A-Space in Colma
as tighter than Fort Knox. So he was surprised when the cyber gate was
left wide open on the storage facility's website.

While trying to make an online payment, Fortner says he accidently
typed in someone else's storage unit number along with his password,
which is his phone number.

Up popped another customer's private information, including a name,
address, credit card, and Social Security number.

"I thought about mine's as vulnerable as that one," Fortner said. "I
tried it with a different number, and several accounts opened up."

His password opened at least five other customer profiles.

After CBS 5 alerted AAAAA Rent-A-Space to the problem, the company
worked with the Arizona software developer who created the site's
account-based program called "Web-Expres." By late Tuesday afternoon,
they found the glitch and have taken the payment system offline until
it is patched.

AAAAA Rent-A-Space says its online payment system has been up for a
year with no other incidents reported.

The company says it plans to mail out 13,000 letters about the
discovery to custmers in California and Hawaii, including those who
have items stored at the 10 Bay Area facilities.

(© MMVI, CBS Broadcasting Inc. All Rights Reserved.)

More information about the ISN mailing list