Up until Monday night, anyone could have gone on the web and messed with your account.
About 3 days ago one Borders employee decided to share with the world that the Borders Reward website was open to the web. Anyone who knew the address could have searched for an account and edited any of the information. No, seriously, it used to be right here. I saw it. I even went in and changed details on my Borders Rewards account (I get the teacher discount now).
Are you freaked out yet? You should be. The site is down now, but no one knows how long this security breach has been open. But my guess is that it’s been open ever since the site was launched. Borders was probably relying on security through obscurity. So long as no one knew about it (besides the vast numbers of Borders employees), it was safe.
I heard about this site on Saturday, and I held the story. I was waiting for a friend to tell me if he thought it could be hacked. I never did get an answer, unfortunately. It would have been interesting to find out if he could have messed with the database (not just one entry). But the site is down now, so it doesn’t matter.
image by chelmsfordblue