[funsec] Sears did it again

Juha-Matti Laurio juha-matti.laurio at netti.fi
Mon Jan 7 17:23:59 CST 2008

The spyware report last week

and more bad news again:

>From Ben Edelman's Web site:

"Sears Exposes Customer Purchase History in Violation of Its Privacy Policy

Want to know what a given customer has purchased from Sears? It's surprisingly easy to find out. Here's the procedure:

1) Go to the Sears "Manage My Home" site, www.managemyhome.com . Create an account and sign in. [Screenshot.]
2) On the Home menu, choose Home Profile. In the Search Purchase History section, choose Find Your Products. [Screenshot.]
3) Enter the name, phone number, and street address of the customer whose purchases you wish to view. Press Find Products. [Screenshot.]

Sears then displays all purchases its database associates with the specific customer -- typically major appliances and other large purchases."

More at

Later on Friday the post was updated
'Update (January 4, 5pm): Sears has disabled the search feature described above.'

The Register's coverage:

Sears sued for website that leaked customer purchases (Mon 7th Jan)



More information about the funsec mailing list