Slashdot Mirror

← Back to Stories (view on slashdot.org)

Egghead Customer? Your Data Goes To Fry's

Posted by timothy on from the fry'd-eggheads dept.

An anonymous reader says: "I bought some things from onsale.com, which then became egghead.com. Somewhere in that time, their credit card database got jacked, for which they sent me a nice e-mail saying everything was ok. Now I've got a mail that I don't like at all, with the subject 'IMPORTANT MESSAGE REGARDING THE TRANSFER OF YOUR CUSTOMER INFORMATION.' Well. that's pretty much it. egghead.com info will go to Fry's Electronics, unless the customer explicitly requests that it not. How often does it happen that when a company goes under that they just sell their customer info and just not tell anyone?" Here are links to the Egghead info page and privacy and security policy.

15 of 213 comments (clear)

  1. The big question is... by caseydk · · Score: 3, Funny

    So who owns Fry's? Is it Disney or MS or AOL-TW?

  2. You should be happy by BigumD · · Score: 3, Flamebait

    Most companies that go under just sell the information outright. At least you got an opt out. I don't agree with them selling it at all, but again, at least there is an option...

    --
    --The space between my ears was intentionally left blank--
  3. I got this email also by eap · · Score: 5, Interesting

    My personal info was stolen some time back and was used fraudulently to purchase some items at egghead.com

    I tried the link to opt out, but you have to have a user id and password to do this! I don't have them because the criminal who stole my CC created them.

    As a result, there is no way for me to get them to remove my personal info, which wasn't supposed to be in their database in the first place!

    Egghead.com was also cracked about a year or so ago. They have a very poor track record of safeguarding their customers' information.

    Things like this make me want stricter privacy controls for personal information.

    1. Re:I got this email also by eap · · Score: 5, Informative
      There are 16 digits in your average Mastercard. (More in Amex, less in Visa). With 16 digits, there are 1,000,000,000,000,000 possible different numbers (give or take an order of magnitude). There are 100,000,000 people in the USA (again, give or take an order of magnitude). What are the odds that a randomly generated number is a real one?
      You have apparently never purchased anything over the phone. In addition to the credit card number, you must also supply an expiration date and at least a billing address zip code (sometimes street address).

      Let's see:

      (1^15 credit card numbers) * (1^5 zip codes) * (roughly 48 expiration dates over a 4 year card life) = NO CHANCE IN HELL OF GUESSING IT RANDOMLY

  4. Nothing to see here. Move along. by Anonymous Coward · · Score: 3, Funny
    1. Egghead is warning you a priori
    2. You can opt-out
    3. If you don't opt-out, Fry's (or whoever actually ends up as top bidder) will still be bound by the original privacy agreement you agreed to
    4. what more do you want from them? $100 and a blowjob?
  5. No way things can change... by Nawak · · Score: 3, Insightful

    ...since privacy helps terrorists.

    --
    A.D. 1517: Martin Luther nails his 95 Theses to the church door and is promptly moderated down to (-1, Flamebait).
    1. Re:No way things can change... by BrookHarty · · Score: 3, Funny

      Exactly, we should opensource all Terrorist movements.

      -
      GPL isnt only for software anymore!

  6. the changes that will take place in info by perdida · · Score: 4, Interesting

    Whether the data goes to Fry's or elsewhere, most data generated by virtual processes, and all other electronic transactions, will be used in ensuring security. This is especially likely due to Tuesday's tragedy.

    Information's nature will change soon.

    On NPR today, someone was explaining the use of electronic information as a possible alternative to ethnic, cultural, or social profiling of airplane passengers and other people who frequent public places.

    The security officials would use credit-card data, bill and purchase data, phone records, and bank data in order to verify that you have an established address, haven't moved around too much or done anything that provokes suspicion.

    In effect, we will all have different "clearance levels" in regular civilian society, which will decide for us whether we are stopped, interviewed, strip searched; what our freedom of movement and consumer activity will be; and what kinds of security-vital private sector training, such as computer or pilot skills, that we can enjoy.

    --
    Goat sex free since 2001
  7. Keeping Them Out of Your Face by Greyfox · · Score: 4, Informative
    While you can't do much to keep companies from selling your information, you can do a fair bit to keep them out of your face. For junk snail-mailers, there are several organizations that will get your name removed from the lists (Or added to a do-not-send list) and promise to dramatically reduce if not completely eliminate the amount of junk mail you get.

    For telemarketers, finding out their company, the company they represent and the first and last name of the person you're talking to before you ask them to add you to their do-not-call list is the way to go. Log that information and sue them if they ever call you again.

    For spammers your choices are more limited, especially if you don't run your own mail server. It is next to impossible to not download spam, although you can process it in such a way that you never see it. There are two solutions I like the most. The first is to keep a whitelist of people who are allowed to send you E-Mail. You can store the E-mail of anyone who has sent you mail and isn't on the list and require them to reply to a message to get added to the white list. Purge any such stored messages after a week or so. The other alternative is to reject any E-mail that's not encrypted to your obnoxiously long encryption key. A 4096 bit key takes about 30 seconds to encrypt to for a 1 page message on a P166. No spammer's going to take the time (Nor would they be capable of taking the time, if everyone did this.)

    For internet banner ads and more obnoxious features of the web, I've found that disabling popups and animations in Mozilla makes things a lot less annoying. YMMV depending on your web browser.

    And of course, if you know a company is likely to sell your information without your permission, don't do business with them and tell them why.

    We're already constantly on the verge of information overload (or well past the verge) without some company you never heard of buying your info and jamming more advertising down your throat. Pursuing your privacy like a rabid pit-bull is the only way to avoid having this happen.

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  8. Enough opt-outs, and Fry's drops the deal! by retrogmr · · Score: 4, Informative

    Fry's Electronics has made it a clause of the purchase that no more than 10% of Egghead.com's customers opt-out of the mailing list.

    Check this article about it on CNet:
    http://news.cnet.com/news/0-1007-200-6962164.htm l

  9. Re:This is why I don't buy stuff on-line. by hattig · · Score: 3, Insightful
    The sad thing is, companies store CC information openly on servers (whether in a DB or in a file). They claim a secure site, but they are lying (misleading the consumer - an illegal activity in most countries I believe) because the whole process (customer to delivery) is not secure, only the customer to website part is.

    Sadly, even simple, 10 minute code jobs like PGP encrypting the customer's payment details before storing them on the server are beyond most online sites. And that is very sad. My company PGP encrypts all online payments before saving them on the server, and they are only decrypted on a computer that is not connected to the Internet (even though this is not as easy as getting an email with all the details in plain text (which other sites do after the https part of the deal anyway!)). After processing, the details are deleted.

    SPAM has got much worse this year. Last year I got very few, this year I also get 10 or so a day on my personal email account, despite always having it spam-proofed one way or another. Action needs to be taken against spammers.

    Anyway, the companies T&Cs will give them the right to sell on the information you provide if they so desire.

  10. I tried by www.sorehands.com · · Score: 3, Informative

    I tried the link, but it failed.

    --
    Fight Spammers!
  11. Why not buy it from some Russian hacker? by fmaxwell · · Score: 4, Funny

    If Fry's really wanted the egghead.com customer database, why didn't they just buy it from some 15 year old Russian hacker?

  12. CC# are not very random at all by Mad+Marlin · · Score: 5, Informative

    Credit card numbers are not as random as you might think. A good overview can be found at this site.

    --
    Best Slashdot comment ever
  13. case study by flufffy · · Score: 3, Interesting
    here's a concrete example altho i do not know if it was discussed here.

    in the fall of 2000, toysmart, an online toy retailer partly owned by the walt disney corporation, filed for chapter 11 bankruptcy, and announced that it was including its customer data base as one of the assets to be liquidated. disney had injected $45 million into toysmart but finally pulled the plug in may 2000, and shortly after toysmart filed for bankruptcy.

    it then emerged that toysmart considered its database of customer information to be a liquidisable asset, that it would sell, in effect, to the highest 'trustworthy' bidder.

    the federal trade commission disagreed with toysmart, and for a while considered blocking the sale, before finally allowing it to proceed under restricted conditions. notably, these conditions did not include any obligation on the part of toysmart's creditors to either inform or obtain permission from toysmart's customers. in the end, the data did not provoke a bidding frenzy: the highest offer had come from disney itself ($50,000), with the next highest offer being $15,000 from a market research firm in maine.

    for more info search google, cnet, etc., with relevant terms.