Marks and Spencer is Today's Data Leakage Scandal Loser

By Gary Cutlack on at

A web site glitch on the portal of M&S let Shopper A see the personal details of Shopper B when logged in yesterday, with the shopping giant taking its entire web presence down last night while it worked out exactly what had gone wrong.

Users after the very latest in jeggings were left unable to place orders as a result, with M&S eventually blaming an internal error for the glitch -- and saying it definitely wasn't a hack. As for what users saw, stuff like names and dates of birth of randomised other shoppers were visible inside accounts, plus a massively more embarrassing list of previous orders was accessible. Someone out there might have seen your pants.

M&S explained it all with: "Due to a technical issue, we temporarily suspended our website yesterday evening. This allowed us to thoroughly investigate and resolve the issue and quickly restore service for our customers."

It said no credit card details were displayed in the accounts admin mixup, although some users looking at their loyalty card balances were temporarily told how many points other random shoppers had accrued -- which may have opened up a brief window during which some point-based discounts may have been grabbed by quick-thinking minor criminals. [BBC]