Buy.com
Privacy Violations
Massive Public Disclosure of Customer Names, Phone Numbers, and Addresses
On October 11, I used buy.com's product return system to request authorization to return an item Buy.com sent me in error. In the course of doing so, I noticed that their return system allows anonymous, unauthenticated Internet users to view the names, phone numbers, and addresses of all buy.com customers making returns. This is possible via the web page that produces prepaid shipping labels for returning unwanted/defective merchandise.
For example (no offense intended to the persons described herein, whose records I found randomly), Mr. Robert Ryan of Framingham, MA is a buy.com customer, and his street address and phone number are visible at http://150.105.32.66/Server/buycom/Links/40000.html. Then there's William Johnson (of West Virginia), http://150.105.32.66/Server/buycom/Links/40001.html, and on and on and on. These names go back to at least July of this year, I was able to determine by entering tracking numbers visible on pages like those linked above into the UPS Tracking System. See for yourself -- just make up different numbers for the filename in the URL (i.e. replace 10000.html with any other number of your choice, starting at about 800 and going up to at least 56000; note that for larger numbers, you may have to try a few nearby numbers until you get one that works, for the numbers seem to stop being contiguous at some point in the 40000's, I believe).
I have notified buy.com of this problem via email to multiple addresses (including webmaster@buy.com). However, I have yet to receive even an acknowledgement of the problem, and so far as I know they have not yet made any changes whatsoever to prevent the disclosure of the names, addresses, and phone numbers of all customers who returned products in the last 3+ months. While I certainly recognize the value of what buy.com is doing -- generously paying for two-way shipping of returned products -- it seems to me that responsibility requires them to place privacy over technical convenience, and surely their programmers can devise a method of distributing these prepaid shipping labels other than unsecured open downloads via predictable URLs.