Patti (whipartist) wrote,

Wall Street Journal: website not so secure?

All mail sent to any address winds up in my mailbox. This means that I routinely get mail that should have gone to addresses,,,, and a few other places.

Today I got a message from addressed to smith AT (not the real address, but it was very clearly lastname AT about my Wall Street Journal subscription. This felt like misaddressed mail rather than spam, so I wandered out to their website.

In the upper left corner of there's a box that allows you to log in with your account number, and below that there's a button that says "I don't know my account #".

I clicked that button, expecting that I'd feed it an email address and it would send the information via email to me... that's fairly common, and has allowed me to manage a lot of subscriptions that were misaddressed to addresses.

The screen I got, however, was very surprising. It asked for an email address and a last name. I made an educated guess that the last name was smith, and voila! I now know that a certain Linda Smith at a university in Pennsylvania has a paid subscription to WSJ through 10/6/2004. I can suspend delivery, renew her subscription, change her address, and any one of a myriad of other interesting and potentially troublesome things. All it would take for me to do this for any subscriber would be to guess their email address and last name.

I've fired off email to what would seem to be the logical address for her ( rather than, asking her to please correct the email address. If I wasn't such a nice person...
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded