X
Business
Home Business Executive

Play the Sears privacy game (and get your neighbor's purchase history)

Ben Edelman, an assistant professor at the Harvard Business School and noted anti-spyware researcher, is on Sears' privacy case again.This time, Edelman, tells you how to find another person's purchase history via Sears' "Manage My Home" site.
Written by Larry Dignan, Contributor

Ben Edelman, an assistant professor at the Harvard Business School and noted anti-spyware researcher, is on Sears' privacy case again.

This time, Edelman, tells you how to find another person's purchase history via Sears' "Manage My Home" site.

sears1.png
If you recall, Edelman highlighted how Sears was using ComScore's software to track your online browsing and violate Federal Trade Commission privacy standards.

It gets worse. Create any account, type in the address and phone number of someone you know and find out what they purchased. Nice huh?

Edelman has the walkthrough with screen shots. I verified that Sears is clueless on privacy. With a few clicks I found out my mother in law bought a vacuum cleaner in 1999 from Sears. I could go through my whole neighborhood for giggles.

And just in case you wanted my neighbor's purchase history here it is:

searsa.png

Edelman writes:

Sears offers no security whatsoever to prevent a ManageMyHome user from retrieving another person's purchase history by entering that person's else's name, phone number, and address.

To verify a user's identity, Sears could require information known only to the customer who actually made the prior purchase. For example, Sears could require a code printed on the customer's receipt, a loyalty card number, the date of purchase, or a portion of the user's credit card number. But Sears does nothing of the kind. Instead, Sears only requests name, phone number, and address -- all information available in any White Pages phone book.

Edelman also assesses the IT strategy at Sears and wonders how this privacy hiccup could happen. I can answer that one. Take one bankrupt company (Kmart) that has scrimped on mismanaged IT for years including a supply chain overhaul that failed miserably. Take another company that had an IT strategy (Sears). Slap them together in a merger. Toss out all the management that used to have an IT clue (the Sears folks and CSC). And now milk costs. Have a hedge fund manager--Edward Lampert--preside over the company. And poof you have a retailer--that to Lampert was really acquired for the real estate--that still operates on green screens (I was there a few days ago).

It's pure IT magic--and privacy hell.

Update: As a few talkbackers have noted below, Sears has removed this feature after the latest privacy flap. It's a shame it takes a little bad Web publicity to get the company to honor a little privacy.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

windows-11-laptop

Microsoft is now showing ads in Windows 11's Start menu. Here's how to block them

Placeholder product image alt text

The best AI image generators to try right now