Victoria's Secret Fined for Security Leak

← Back to Stories (view on slashdot.org)

Victoria's Secret Fined for Security Leak

Posted by ryuzaki0 on Tuesday October 21, 2003 @10:56AM from the untouchables dept.

An anonymous reader submits: "The state of New York has fined Victoria's Secret for failing tomaintain secure access to customer purchase records. Last year, a customer noticed that it was possible to look up online purchase records by manipulating their website. However, this was not consistent with the company's posted privacy policy. After getting brushed by VS's Customer Service, the guy contacted the media. NY State AG Eliot Spitzer took action under 1930s laws regarding deceptive business practices. VS settled to pay a $50 000 fine, notification of affected customers, fixing the site, and all without admitting violation of law."

52 comments

Min score:

Reason:

Sort:

... dirty.... by Anonymous Coward · 2003-10-21 11:00 · Score: 0

dirty unmentionables....!!

stinky lingerie!!!
funny by falsification · 2003-10-21 11:02 · Score: 1

Victoria's Secret not so secret anymore.
The Peephole by AtariAmarok · 2003-10-21 11:06 · Score: 2, Funny

I had a friend who worked in a Victoria's Secret. He made great use of the peepholes behind the dressing rooms. Talk about a security problem.

--
Don't blame Durga. I voted for Centauri.
1. Re:The Peephole by Anonymous Coward · 2003-10-21 11:11 · Score: 0
  
  I wouldn't hang out with that guy if I were you.
2. Re:The Peephole by Anonymous Coward · 2003-10-21 11:55 · Score: 0
  
  Right. Don't use the peepholes at the same time as that guy.
3. Re:The Peephole by linzeal · 2003-10-21 19:58 · Score: 1
  
  I've heard of these at "X"mart where my friend works on and off he is a graduate student/asst manager. About 2x a year he finds out about something like this.
  
  --
  An Education is the Font of All Liberty
4. Re:The Peephole by Tackhead · 2003-10-22 04:28 · Score: 1
  
  > I had a friend who worked in a Victoria's Secret. He made great use of the peepholes behind the dressing rooms. Talk about a security problem.
  "That's not a bug, it's a feature!"
5. Re:The Peephole by Anonymous Coward · 2003-10-22 13:20 · Score: 0
  
  ...I had a friend who worked in a Victoria's Secret. He made great use of the peepholes behind the dressing rooms....
  
  A friend... eh? Sure.... a "FRIEND".... !!?
6. Re:The Peephole by Anonymous Coward · 2003-10-22 13:23 · Score: 0
  
  Hey be careful who you tell about this, the spies are everywhere. So remember: "...careless talk costs eyes..."
Shit by Anonymous Coward · 2003-10-21 11:09 · Score: 0

Now some skr1pt k1dd1e knows about my panty fetish.
Since most people here probably don't know by Anonymous Coward · 2003-10-21 11:14 · Score: 5, Funny

Here's the link to Victoria's Secret Web site. I mean, come on, you post a link to a newspaper article withouth actually linking through to this fine site?
1. Re: Since most people here probably don't know by Black+Parrot · 2003-10-21 12:24 · Score: 1
  
  > Here's the link to Victoria's Secret Web site.
  
  Does all that sticky stuff mean it's slashdotted?
  
  --
  Sheesh, evil *and* a jerk. -- Jade
2. Re:Since most people here probably don't know by ForestGrump · 2003-10-21 12:32 · Score: 1
  
  And now for...
  <a href="http://www.manties.net/">Victor's Secret</a>
  
  --
  Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
3. Re:Since most people here probably don't know by ForestGrump · 2003-10-21 12:36 · Score: 1
  
  Victor's Secret sorry, was posting in POT
  
  --
  Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
4. Re:Since most people here probably don't know by Anonymous Coward · 2003-10-21 12:41 · Score: 0
  
  I used to have them send me their catalog, addressed to "The High Minister of Eugenics." But seriously, you're linking to the site, but not to the page where you order your free catalogue?
5. Re:Since most people here probably don't know by Anonymous Coward · 2003-10-21 15:29 · Score: 0
  
  Maybe /.ers would actually /RTFA/ if this link was posted. Heh ...
Re:shoulda used apache! by mrfunky405 · 2003-10-21 11:19 · Score: 0

This doesn't sound so much like a webserver problem as a website implemented with absolutely no thought whatsoever given to security. Also, a freakin' idiot AC problem.
VS might just recoup the $50K in a countersuit by RalphBNumbers · 2003-10-21 11:23 · Score: 3, Interesting

This guy publicized a security flaw, why hasn't he been sued yet?

--
"The worst tyrannies were the ones where a governance required its own logic on every embedded node." - Vernor Vinge
1. Re:VS might just recoup the $50K in a countersuit by jargonCCNA · 2003-10-21 11:29 · Score: 2, Informative
  
  Because that angle's already been played once and, as I recall, was eventually shot down by the courts. A precedent's been set.
  
  --
  Matthew G P Coe
  http://mgpcoe.blogspot.com/
2. Re:VS might just recoup the $50K in a countersuit by Anonymous Coward · 2003-10-21 12:36 · Score: 0
  
  he contacted the media, not bugtraq
3. Re:VS might just recoup the $50K in a countersuit by NanoGator · 2003-10-21 13:12 · Score: 1
  
  "This guy publicized a security flaw, why hasn't he been sued yet?"
  
  Maybe because the President of Victoria's Secret is also a client.
  
  --
  "Derp de derp."
4. Re:VS might just recoup the $50K in a countersuit by sir_cello · 2003-10-22 18:16 · Score: 1
  
  Because of "getting brushed by VS's Customer Service", it can be considered in the public interest for him to take the matter elsewhere.
  
  Society becomes bad if don't allow this to happen.
SLAPP, Politics, election year... by BrookHarty · 2003-10-21 11:24 · Score: 2, Interesting

Just Curious, if the State needed the support of the company, wouldnt they go after you for some DMCA laws? (Election year and such)

Could you use the SLAPP law argument against the STATE or Company?

Just seems the politics has a hand in this, if it wasnt Victoria Secrets, but a law firm, the person who reported it could have been targeted as a criminal.

Nice to see the law work correctly for once. But then, anything can happen...
McDonald's Frivolous Lawsuit by Anonymous Coward · 2003-10-21 11:36 · Score: 0

"Nice to see the law work correctly for once. But then, anything can happen

Unlike that time lawyers lied in court and fooled a bunch of people into giving a lady $$$$ because she spilled coffee on hero own lap.
1. Re:McDonald's Frivolous Lawsuit by BrookHarty · 2003-10-21 14:55 · Score: 3, Informative
  
  McDonald's Frivolous Lawsuit
  
  I always thought the McDonalds case was frivolous till I read the facts. Check out McFacts about the case.
  
  Pasted here.
  
  McFact No. 1: For years, McDonald's had known they had a problem with the way they make their coffee - that their coffee was served much hotter (at least 20 degrees more so) than at other restaurants.
  
  McFact No. 2: McDonald's knew its coffee sometimes caused serious injuries - more than 700 incidents of scalding coffee burns in the past decade have been settled by the Corporation - and yet they never so much as consulted a burn expert regarding the issue.
  
  McFact No. 3: The woman involved in this infamous case suffered very serious injuries - third degree burns on her groin, thighs and buttocks that required skin grafts and a seven-day hospital stay.
  
  McFact No. 4: The woman, an 81-year old former department store clerk who had never before filed suit against anyone, said she wouldn't have brought the lawsuit against McDonald's had the Corporation not dismissed her request for compensation for medical bills.
  
  McFact No. 5: A McDonald's quality assurance manager testified in the case that the Corporation was aware of the risk of serving dangerously hot coffee and had no plans to either turn down the heat or to post warning about the possibility of severe burns, even though most customers wouldn't think it was possible.
  
  McFact No. 6: After careful deliberation, the jury found McDonald's was liable because the facts were overwhelmingly against the company. When it came to the punitive damages, the jury found that McDonald's had engaged in willful, reckless, malicious, or wanton conduct, and rendered a punitive damage award of 2.7 million dollars. (The equivalent of just two days of coffee sales, McDonalds Corporation generates revenues in excess of 1.3 million dollars daily from the sale of its coffee, selling 1 billion cups each year.)
  
  McFact No. 7: On appeal, a judge lowered the award to $480,000, a fact not widely publicized in the media.
  
  McFact No. 8: A report in Liability Week, September 29, 1997, indicated that Kathleen Gilliam, 73, suffered first degree burns when a cup of coffee spilled onto her lap. Reports also indicate that McDonald's consistently keeps its coffee at 185 degrees, still approximately 20 degrees hotter than at other restaurants. Third degree burns occur at this temperature in just two to seven seconds, requiring skin grafting, debridement and whirlpool treatments that cost tens of thousands of dollars and result in permanent disfigurement, extreme pain and disability to the victims for many months, and in some cases, years.
2. Re:McDonald's Frivolous Lawsuit by Anonymous Coward · 2003-10-21 14:57 · Score: 1
  
  Almost true.
  
  * Stella Liebeck, age 79, was a passenger in the car.
  * The car was at a full stop so she could add cream and sugar to her coffee. [She was not the driver and the car was not moving.]
  * The cup tipped and spilled over her lap.
  * Within a few seconds, Ms. Liebeck suffered third-degree burns over 6 percent of her body, including her inner thighs, perineum, buttocks, genitals and groin.
  * Ms. Liebeck was hospitalized for 8 days, and required skin grafting and debridement treatments.
  * Parts of Ms. Liebeck's body were permanently scarred.
  * Ms. Liebeck tried to settle with McDonald's for $20,000 to cover her medical expenses. McDonalds offered her $800. She sought mediation, but McDonald's refused.
  * The jury initially awarded Ms. Liebeck the equivalent of two days worth of coffee sales for McDonalds as punitive damages.
  * The trial judge reduced the verdict to something under $600,000.
3. Re:McDonald's Frivolous Lawsuit by Blkdeath · 2003-10-21 19:27 · Score: 1
  I always thought the McDonalds case was frivolous till I read the facts. Check out McFacts about the case.
  
  In my mind it still amounts to something like this;
  
  Woman spills hot liquid in own lap.
  
  Woman sues Big Pocketted Corporation for egregious amounts of financial "compensation"
  
  I've got news for anybody who considers the above lawsuit anything less than frivolous; it's hot coffee. McDonald's (or any other restaurant) should not be under any obligation to inform people of same. FACT: If it weren't hot, people would not desire to purchase and/or consume it.
  --
  BD Phone Home!
  Shameless plug. Like you weren't expecting it.
4. Re:McDonald's Frivolous Lawsuit by BrookHarty · 2003-10-22 05:24 · Score: 1
  
  I've got news for anybody who considers the above lawsuit anything less than frivolous; it's hot coffee.
  
  The coffee was hotter than industry average, it adds nothing to flavor, but can cause 3rd degree burns in 2 seconds. Normal hot coffee wont give you 3rd degree burns or require skin grafts when spilled on your lap.
  
  This is like calling "Lava" a little hot. Spilling normal coffee, "Ouch that hurts", spilling Mcdonalds Coffee "Ouch, I'm bleeding, I have 3rd degree burns, I need to goto the hospital". See the difference?
5. Re:McDonald's Frivolous Lawsuit by Blkdeath · 2003-10-22 07:43 · Score: 1
  
  The coffee was hotter than industry average, it adds nothing to flavor, but can cause 3rd degree burns in 2 seconds.
  
  Awwwwww. Poor people who can't manage to keep a lid on their coffee or keep their fresh, hot coffee away from their crotch. Some of us who have the fortune of working outside actually enjoy really hot coffee. See, it doesn't cool to 5 degrees celcius within ten minutes of hitting the out of doors and we can still enjoy it without the aid of a microwave.
  It all boils down to personal responsibility and no amount of lawsuits or precedent is going to change the fact that, by and large, (North) American citizens are too quick to blame everybody but themselves for their own shortcomings. It just happens that in all too many cases that blame is centred square on the shoulders of a corporation with a billion dollar bankroll.
  Ask yourself; is $xx million going to restore your legs to their former state? No. Is it going to rid you of your clumsiness? No. Is it going to prevent you from committing further acts of stupidity? No. Why do people sue for millions of dollars? Greed, a corrupted legal system, and selfish people who want to get rich quick.
  
  --
  BD Phone Home!
  Shameless plug. Like you weren't expecting it.
6. Re:McDonald's Frivolous Lawsuit by BrookHarty · 2003-10-22 08:06 · Score: 1
  
  The lady who sued, only asked for hospital bills to be paid. McDonalds refused, she had to sue. She wasnt after millions, only a couple thousand that McDonalds should of paid. The Jury was the ones who awared the millions of dollars, as a punishement.
  
  Also, mcdonalds coffee wasnt the average temperature, this is where its not the consumers fault. She expected the coffee to be hot, not hot enough to burn flesh and muscle.
  
  As Stupidity goes, McDonalds did not turn down the coffee temperature to a normal industry standard, that doesnt burn people if they spell it or drink it. They had almost 1000 complaints about the temerature.
  
  While there are people who use the legal system for greed and profit, this case was not one of them. But then, its easy to latch onto non-truths, anyone say "Weapons of Mass Destruction" anyone?
7. Re:McDonald's Frivolous Lawsuit by crazyphilman · 2003-10-22 09:23 · Score: 1
  
  I feel so sorry for that poor old lady, too -- she had burns on her genitals! Can you imagine how much that must have hurt? Let alone how much it must have hurt to treat the wounds (peeling off the damaged skin, the whirlpool treatments, etc). And, I think that the fact that all she asked for was her medical bills paid shows a remarkable amount of restraint. If this had happened to me, and some ridiculous stuffed suit had told ME they couldn't help me with the bills, I'd have gone ballistic. Fuck money -- I'd have wanted an eye for an eye (or, as the case may be, a scorched unmentionable for a scorched unmentionable). The suits would be running for their lives from my groin-directed wrath, and I'd be chasing them with a couple of super-sized boiling hot coffee containers.
  
  Anyway, I'm glad the old lady sued them. I hope she's feeling better. I wince just thinking about it.
  
  --
  Farewell! It's been a fine buncha years!
8. Re:McDonald's Frivolous Lawsuit by SuiteSisterMary · 2003-10-30 06:34 · Score: 1
  
  McFact number The Most Important: If you stick a soft, styrofoam cup with a easy-to-remove lid full of hot liquid into your crotch, whilst driving, you DESERVE WHAT YOU GET.
  
  --
  Vintage computer games and RPG books available. Email me if you're interested.
Figuratively speaking by Anonymous Coward · 2003-10-21 11:49 · Score: 0

Their Web server was almost naked in terms of security, if you know what I mean.
Mord-Sith by Anonymous Coward · 2003-10-21 11:58 · Score: 0

Drats! I was picturing Diana Rigg in a scanty Mord-Sith costume.
Re:Welcome ! by Nasarius · 2003-10-21 12:15 · Score: 1

Or John Ashcroft...I'm very sorry for that image.

--
LOAD "SIG",8,1
i don't feel so bad anymore by focitrixilous+P · 2003-10-21 12:48 · Score: 1

for failing tomaintain secure access to customer purchase records.

Ah, I don'tfeelbadaboutallmytyposnow.

--
SAILING MISHAP
1. Re:i don't feel so bad anymore by Josh+Booth · 2003-10-21 13:29 · Score: 2, Funny
  
  Tomaintain is not a typo. It is a new kind of fruit -- the cross between a tomato and a plantain. The extra 'i' is due to the redneck farmers (read: Homer Simpson) who created it. Sort of like tomacco, but not addictive. I just wonder what tomaintains have to do with Victoria's Secret.
Official Atty Gen. press release at this link soon by Speequinox · 2003-10-21 13:13 · Score: 3, Informative

http://www.oag.state.ny.us/internet/internet.html
There's also info at the same page concerning some other cool Internet work that the NY Attorney General has done.
Why the hell is it by elmegil · 2003-10-21 13:46 · Score: 2, Interesting

That corporations never have to admit guilt?
If I break the law, I don't have the same luxury, how is this equal protection?

--
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
1. Re:Why the hell is it by ChaoticLimbs · 2003-10-21 14:10 · Score: 2, Insightful
  
  There is no circumstance in US law where you would be required to admit guilt. You may be fined, imprisoned, or executed, but you will never be required to admit guilt, or to confess guilt to anyone verbally or in writing. Sometimes individuals or corporations admit guilt as part of a settlement or plea bargain, but it is never forced upon anyone. So, you DO have equal protection (in this instance). YMMV
VS has a Policy of transparency...... by adsl · 2003-10-21 14:22 · Score: 1

....in everything that they sell;)
SO by Anonymous Coward · 2003-10-21 16:10 · Score: 0

Do they still have a Trust-e seal of approval?
Stupid hacker by Anonymous Coward · 2003-10-21 17:26 · Score: 0

I wouldnt be looking at credit cards if i hacked through them...
Alternate article title... by weeboo0104 · 2003-10-22 04:06 · Score: 2, Funny

Victoria's Secret gets fined for having a
"Don't get your panties in a bunch" attitude towards online purchase security.

--
It is easier to build strong children than to repair broken men. -Frederick Douglass
Heh by Anonymous Coward · 2003-10-22 04:28 · Score: 0

They probably thought they could get away with just patching the holes as needed to be legal...
Who needs Victoria's Secret anyway? by crazyphilman · 2003-10-22 09:28 · Score: 1

I'd rather any girlfriend I had ran around butt nekkid. All those panties and bras just obstruct my view. Come on, baby, let those things bounce around free! They don't want to be cooped up in that there garmint! I want me some FREE-RANGE boobies, none of that veal-pen bra'd stuff. And everyone knows a wild, bushy forest beaver is much happier than a beat-down zoo beaver. Save the panty and bra money, babe, we'll use it to go to the shore...

--
Farewell! It's been a fine buncha years!
1. Re:Who needs Victoria's Secret anyway? by Anonymous Coward · 2003-10-22 13:13 · Score: 0
  
  Does your girlfriend wear a skirt by any chance? :-)
2. Re:Who needs Victoria's Secret anyway? by crazyphilman · 2003-10-23 02:47 · Score: 1
  
  Better - my ex girlfriend used to wear cotton housedresses with no underwear at all. They come right off with a flick of the wrist! Wonderful, wonderful things, those housedresses... I miss her; she lives out in Arizona, and I live in NY. Sigh... No more housedresses for the Philman...
  
  --
  Farewell! It's been a fine buncha years!
3. Re:Who needs Victoria's Secret anyway? by Anonymous Coward · 2003-10-23 06:53 · Score: 0
  
  Sound like you need to invite her up to NY on a cold day and warm her up with some Dicken's Cider.
Re:Official Atty Gen. press release at this link s by Anonymous Coward · 2003-10-22 19:39 · Score: 0

Getting Attention [tinfoil hat warning].

These days, it seems that the key to getting attention (good or bad) is the key to selling products.

For example, last week I saw something discussed here on Slashdot and now I see it in the general news media. Wait now...