A security hole with Ameritech's E-bill online bill payment system was discovered today by Tap Internet, a web services firm in Ypsilanti, Michigan. Basically the hole allows other users to alter the url and possibly pull up other records of other users.
"By simplying modifying the "stmt" portion of the web address, a user can view statement records for other customers. While there is no direct way to look up information on specific customers, customers' names and phone records are listed on statements, so randomly searching through online statements can still yield extremely personal information. "
You can view the full release here.
posted @ Wednesday, March 21, 2001 11:27 PM