WHSmith Hacks Itself and Distributes Personal Details via Email

By Gary Cutlack on at

A bizarre glitch on the WHSmith web site caused the shop's online portal to email out personal customer details en masse, with users of the site's contact form receiving bundles of personal details of other account holders -- including names, addresses, phone numbers and more.

The glitch saw those who tried to contact the site using its embedded mailform have their details broadcast to others, with the server sending the contact details entered out to a basket of other account holders. Furious recent users of the site had their email boxes flooded with message this morning, with emails headed "New Contact Message Submitted" and containing whatever details and messages the writer intended to send to the newsagent chain.

The shop's social media presence is currently unaware of the issue or little more than an unresponsive scheduled interaction bot, simply offering your usual tweet contests and RT drivel at time of writing. However, someone's working away on it behind the scenes, as the rogue contact form in question has disappeared from the shop's Contact Us page and has been replaced by a presumably more reliable collection of phone numbers and email addresses you can use to complain about things. [Guardian]

Image credit: WHS_Carpet