I Hope You Don’t Have a Borders Rewards Card

Up until Monday night, anyone could have gone on the web and messed with your account.

About 3 days ago one Borders employee decided to share with the world that the Borders Reward website was open to the web. Anyone who  knew the address could have searched for an account and edited any of the information. No, seriously, it used to be right here. I saw it. I even went in and changed details on my Borders Rewards account (I get the teacher discount now).

Are you freaked out yet? You should be. The site is down now, but no one knows how long this security breach has been open. But my guess is that it’s been open ever since the site was launched. Borders was probably relying on security through obscurity. So long as no one knew about it (besides the vast numbers of Borders employees), it was safe.

I heard about this site on Saturday, and I held the story. I was waiting for a friend to tell me if he thought it could be hacked. I never did get an answer, unfortunately.  It would have been interesting to find out if he could have messed with the database (not just one entry). But the site is down now, so it doesn’t matter.

image by chelmsfordblue

Related Stories
Mediabistro Course

Pinterest Marketing

Pinterest MarketingPin your way to a wider audience! Starting December 1, work with the VP of Marketing at SheKnows to learn how to leverage Pinterest for your brand. In this course, you'll learn how to create a Pinterest Playbook to develop and measure your marketing strategy, grow a follower base, run an effective contest, and stay updated on the best practices for this platform. Register now!