I Hope You Don’t Have a Borders Rewards Card

Up until Monday night, anyone could have gone on the web and messed with your account.

About 3 days ago one Borders employee decided to share with the world that the Borders Reward website was open to the web. Anyone who  knew the address could have searched for an account and edited any of the information. No, seriously, it used to be right here. I saw it. I even went in and changed details on my Borders Rewards account (I get the teacher discount now).

Are you freaked out yet? You should be. The site is down now, but no one knows how long this security breach has been open. But my guess is that it’s been open ever since the site was launched. Borders was probably relying on security through obscurity. So long as no one knew about it (besides the vast numbers of Borders employees), it was safe.

I heard about this site on Saturday, and I held the story. I was waiting for a friend to tell me if he thought it could be hacked. I never did get an answer, unfortunately.  It would have been interesting to find out if he could have messed with the database (not just one entry). But the site is down now, so it doesn’t matter.

image by chelmsfordblue

Related Stories
Mediabistro Course

Email Marketing

Email MarketingStarting January 12, learn how to create campaigns that engage subscribers, increase awareness, and drive traffic and sales! In this course, you'll learn how to create effective email campaigns to meet your company's goals and objectives, develop copywriting and design techniques, create and manage distribution lists, and more! Register now!