Slashdot Mirror


Buying a Samsung TV Online Could Jeopardize Your Data (cnet.com)

An anonymous reader shares a CNET report: If you buy a product from Samsung's online store, your name, address, order information and other data may be accessible to anyone who cares to look. Matt Metzger, a self-described "application security engineer" who said he has worked in shipping-industry compliance, wrote Wednesday on Medium about an accidental discovery. Metzger said he ordered a TV from the Samsung online store and was sent a URL to track his delivery. When he followed the URL, he discovered that his tracking number was the same one used for someone else's previous delivery and that he could see sensitive information, such as the person's name and items ordered, without any security measures getting in the way. Metzger also discovered that more information was attached in a TIFF file to his own order after the delivery was completed. The file included his full name, address and signature. Samsung told CNET it is aware of the issue and is looking into it.

30 comments

  1. A website has a flaw by Anonymous Coward · · Score: 0

    Holy shit. In this day and age? Who can believe it? A website with a flaw. We must blog about this.

    1. Re:A website has a flaw by StarryEyed · · Score: 1

      Yeah, but a 1990's style flaw in 2017? It's like they're not even trying.

    2. Re:A website has a flaw by Higaran · · Score: 1

      It's not a bug, it's a feature.

    3. Re:A website has a flaw by WillAffleckUW · · Score: 1

      A flaw has no website. Is this what a girl wishes?

      --
      -- Tigger warning: This post may contain tiggers! --
    4. Re:A website has a flaw by Opportunist · · Score: 1

      It's Samsung. Why should their Webpage be more current than their products?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  2. Buying directly from a manufacturer? by Anonymous Coward · · Score: 0

    what am I, made of money?

  3. Spy TV by Anonymous Coward · · Score: 0

    Do you think this company gives ONE SHIT about YOUR PRIVACY?

    These are the ppl. that pioneered the SPY TV. EAST GERMANY would be JELLIS. Nobody would have stood for this SPYING 20 years ago. Now it's NORMAL, and ppl. PAY FOR THIS PRIVILEGE. What has happened?

    1. Re:Spy TV by Opportunist · · Score: 1

      *sniff*

      If only Mielke could be alive and see how much we learned from him and how we improved beyond his wildest dreams.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Spy TV by Anonymous Coward · · Score: 0

      I understand the spying in the US is far worse than East Germany. The people are afraid to speak out due to the jack boots of the N$A pushing down on their necks.

      CAPTCHA: Encrypt

  4. Selling /. by Anonymous Coward · · Score: 0

    This article was published on CNET 10 minutes ago, and on Slashdot 5 minutes ago. So, mister mod, how much are you selling Slashdot placement for?

    1. Re:Selling /. by Anonymous Coward · · Score: 0

      Probably little to nothing. This site isn't influential enough anymore to be worthy of spending money.

    2. Re:Selling /. by Anonymous Coward · · Score: 0

      “Slashdot Media delivers on guarantees and care about our experience and feedback. We look forward to our continued efforts as our programs grow and evolve in the coming years. Thank you Slashdot Media for the awesome partnership!”
      --Marketing Manager, Microsoft

      Can we use your name on our promotional material?
      fuck no lol

  5. And your home by OneHundredAndTen · · Score: 2

    Not in vain is Samsung known for its explosive products.

  6. Amazon rules by mi · · Score: 2

    Yeah, but a 1990's style flaw in 2017? It's like they're not even trying.

    No one is trying, it seems. Except Amazon — the only online seller I know, with advanced features like order-correction after placement, etc.

    Maybe, Samsung really should quit trying — stick to manufacturing, which is their area of expertise, and leave retail sales to professionals in that area.

    --
    In Soviet Washington the swamp drains you.
  7. Data is a Liability Not an Asset by Anonymous Coward · · Score: 0

    All these big companies need to completely re-evaluate their understanding of data collection, and more importantly data retention.

    Two principles all companies should adopt:
    (1) Only collect data that has a well-understood and valuable use
    (2) Delete the data after that use is accomplished or that value is degraded

    Because data that is not valuable to you is still going to be valuable to criminals, so keeping it around is just doing those criminals a favor.

    1. Re:Data is a Liability Not an Asset by Opportunist · · Score: 1

      As long as you don't get punished for carelessly losing customer data, it's not a liability. At best it's something you can sell. At worst it's something you don't give a fuck about.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Data is a Liability Not an Asset by Anonymous Coward · · Score: 0

      Punishment can come in multiple forms. And while I am in favor of legal punishment, there are other kinds of punishment too. Such as the hit on sales that Target took after their breach.

    3. Re:Data is a Liability Not an Asset by Opportunist · · Score: 1

      That happens way too rarely to register in risk assessment and management. Look at Sony and how many blunders they had. And? Not even a dent in the sales.

      Legal punishment is the only one that is reliable enough to make corporations care. Because it WILL happen, there is no uncertainty involved.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Slashdot isn't even trying by hackwrench · · Score: 1

    It still offers a bookmark to automatically log you in.

  9. Another BS headline. by gfxguy · · Score: 4, Informative

    Probably 99% of people buying Samsung products online did NOT buy it from Samsung directly.

    --
    Stupid sexy Flanders.
    1. Re:Another BS headline. by Anonymous Coward · · Score: 0

      Probably 99% of people buying Samsung products online did NOT buy it from Samsung directly.

      They've had some pretty good sales lately. I did.

  10. and your info is searchable in Google by Anonymous Coward · · Score: 0

    Summary fails to mention that anyone can do a Google search and find your order information.

  11. If you ordered from Samsung's store by HideyoshiJP · · Score: 1

    You messed up. I bought a TV for my brother from the Samsung web store in December. No indication this TV was on back-order. I got no status updates for weeks. Finding your order status if you chose not to create yet another account is a chore the first time. The only positives that came from it were the fact that I *was* able to order without an account, and that they upgraded our Black Friday model 6290 to a 6300. It almost made up for the experience.

  12. If you buy a Samsung TV: by LordHighExecutioner · · Score: 1

    don't worry if your personal data is made accessible online. You should only worry that your home is easily accessible to the fire brigade. It is a Samsung product, after all!

  13. No problem by PPH · · Score: 2

    I buy all my AV gear out of the back of vans in parking lots.

    --
    Have gnu, will travel.
    1. Re:No problem by Neuronwelder · · Score: 1

      Hey! I think you got something here.. How about Private Parts as a logo for the van?

  14. Such clickbait by Anonymous Coward · · Score: 1

    This is an absurd article.

    Having just bought a TV from Samsung, this is one of many shippers that Samsung uses. It is no different from UPS, FedEx, or any other shipper. The IDs sometimes get re-used, and that will include some identifiable information.

    This is in no way Samsung's fault... Any more than anybody else that uses this shipper.

    Sheer click bait.

    Should AGI fix their tracking system to be more secure? Sure. Does it have anything to do with Samsung? No, not really. I mean, as a customer Samsung should pressure AGI, but it is a different company completely...

  15. Done! by mlauzon · · Score: 0

    I am officially done with this shitty site, I won't be checking to see if I got voted down, I am logging out & never coming back. I submitted this nearly an hour before, but yet this one gets posted instead; so fuck slashdot, and fuck all the owners, they can all go fuck their children which I know they love to do!!!

    1. Re:Done! by Nunya666 · · Score: 1

      I am officially done with this shitty site, I won't be checking to see if I got voted down, I am logging out & never coming back. I submitted this nearly an hour before, but yet this one gets posted instead; so fuck slashdot, and fuck all the owners, they can all go fuck their children which I know they love to do!!!

      Don't let the door hit you in the ass on the way out.

  16. Completely deceptive summary here by Anonymous Coward · · Score: 0

    So not about buying tvs specifically, not about buying online generically. What a load of bollocks.