Let's compare gaping holes in the security of comparison websites...

1 September 2010


Get a quote from a price-comparison website and you might as well just start your own blog filled with loads of your personal information, then go on The One Show and tell Jason and Alex all about it. Those are more or less the findings of the dudes and dudettes at PC Pro, who have discovered just how easy it is to access the personal details of customers of Confused.com and Comparethemarket.com.

With Comparethemarket.com, PC Pro found that all they had to do to access the entire quote history of a customer was to input their email address, surname and date of birth. None of which is particularly hard to find, especially in the era of social networking where people are happy to sleepwalk their way into offering up so much of their private info.


By inputting those three simple pieces of information, a whole heap more was available - telephone numbers, car registration and make details, occupation, personal details of spouses as well as property details where house insurance quotes were available. Staggering stuff, and an identity thief’s dream come true.

When it came to Confused.com, PC Pro say that all that was required was to fill in a web form to reset the account-holder’s password before gaining access to quote history and further personal information. They said that any hacked account holder wouldn’t even know that someone had been sniffing around in their data as no email confirming the password change was dispatched.

PC Pro say that they have contacted both Confused.com and Comparethemarket.com but at the time of publishing the story earlier today, neither company had tightened up the security on their sites. Confused.com did say: "We take our customers' data protection seriously. We are currently in the process of upgrading our password reset and retrieval methods to enhance security for our customers including use of additional security questions, and this will be available in the near future."
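As an added illustration (not code from PC Pro, Confused.com or this post), the sketch below puts the reset flow described above beside a hardened one that requires a single-use emailed token and notifies the account holder. The function names, the sample account and the in-memory mailbox are all assumptions made for the example.

```python
import hashlib
import secrets
import time

# Constructed sample data. Password storage is simplified here;
# a real system stores a salted hash, never the password itself.
USERS = {"pat@example.com": {"surname": "Example", "dob": "1980-01-01", "password": "old"}}
OUTBOX = []          # stands in for the mail system: (recipient, kind, token)
RESET_TOKENS = {}    # sha256(token) -> (email, expiry timestamp)
TOKEN_TTL = 15 * 60  # seconds a reset link stays valid

def weak_reset(email, surname, dob, new_password):
    """The flow the article describes: publicly findable facts change the password."""
    user = USERS.get(email)
    if user and user["surname"] == surname and user["dob"] == dob:
        user["password"] = new_password  # no proof of mailbox control, no notification
        return True
    return False

def request_reset(email, now=None):
    """Hardened step 1: mail a single-use token to the registered address."""
    now = time.time() if now is None else now
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[digest] = (email, now + TOKEN_TTL)  # only the digest is stored
        OUTBOX.append((email, "reset-link", token))
    # Same response either way, so the form does not reveal who has an account.
    return "If that address is registered, a reset link has been sent."

def complete_reset(token, new_password, now=None):
    """Hardened step 2: only the token holder sets a password; the owner is told."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    email = entry[0]
    USERS[email]["password"] = new_password
    OUTBOX.append((email, "password-changed", None))  # the email the article says was missing
    return True
```
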

The moral of the story – don’t buy your car insurance off an up-his-own-arse meerkat.

TOPICS:   Privacy   Consumer Advice

14 comments

  • Jason
    Confused.com said neither by postcode or e-mail address was valid...I e-mailed them to highlight their validation bullshittery - from the e-mail address that I had supplied when trying to sign-up - and replied saying nothing was wrong and that I should make sure what I typed was correct! Good job I didn't go with either of these then. Is it a lil weird that I didn't even consider comparethemarket.com, solely for the reason that I FUCKING HATE that meerkat?
  • PokeHerPete
    LOL IM GONNA USE COMPARETHEMARKET.COM BECAUSE I THINK THE MEERKAT IS FUNNI LOL, ME AND ALL MY M8S SAY SILLY RADNOM THINKS CAUS WERE SO KOOL LOL I AM 1 OF THE KOOL PPL WHO DONT BUY INTO SHITTY MARKETING, DO U LIKE MY NEW BREO WATCH??????1123
  • The B.
    I use money supermarket but make up details and use my neighbours address, I don't want any junk mail/marketing annoying the crap out of me, let them deal with it, then I use Quidco to go directly to the supplier and get cashback, it's a win/win.
  • Joff
    Don't blame the Meerkats - have you seen the technology they have to work with?
  • klingelton
    i wuv da meerkats. esp the baby ones at twopical world.
  • Nobby
    @ Real Bob. You are like my twin. I do the same. Although I prefer topcashback.
  • PokeHerPete
    But which is better? Quidco or TopCashBack? ..theres only one way to find out... ANAL SEEEEEEEEEEEEX!! For some reason, I don't think I got that quite right.
  • Zeddy
    Since when were meerkats Russian. A load of marketing WE-Buy-ANY-CAR bullshit!
  • The B.
    Ah, Zeddy, you haven't seen the full range of their stupid ads, one of them explained why they moved to Russia.
  • CJT
    This is very worthwhile highlighting. I just went onto confused.com and as I had forgotten my password I click the reset button. All I had to enter was my name, email address and date of birth and the new password I wanted and it was done. No confirmation email. Simply a "click here to sign in with your own password". I could do this with a bunch of my friends! Hell you could do this with any friend on facebook since most people publish their date of birth and email addresses on there.
  • Prothero F.
    MetaCompare.co.uk is a very useful site for comparing the price comparison sites. There are sections for insurance and travel, as well as other pieces of money saving advice.
  • Car E.
    I appreciate your blog. Great Content.
  • price c.
    I'll immediately clutch your rss feed as I can not in finding your email subscription link or e-newsletter service. Do you've any? Please permit me understand in order that I may just subscribe. Thanks.
  • price c.
    That is very interesting, You are a very skilled blogger. I've joined your rss feed and sit up for seeking more of your great post. Additionally, I've shared your web site in my social networks
