September 1, 2010 at 18:23The line between personal and confidential
In the era of social networks, the line between personal and confidential data is gradually erased. Many people tell the whole World what and where they are doing at the moment with an error of up to five meters, and no one is worried.
But what if these and more confidential data are available to anyone without your knowledge?
How? The answer is simple as the idea itself and the convenience of a service called Internet banking. It is very convenient to control the account and know where the money is spent from your credit card by reading the RSS feed in your favorite reader through a secure connection. It’s convenient and safe, but not always ...
This morning, after reading all my Google Reader feeds and having some more free time, I decided to read the Recommended News. Attention was drawn to the following entry in the tape:
Apparently Google decided that I would be interested in the channel to which my fellow countryman from Dnepropetrovsk subscribed. Everything would be fine if it were not for the channel for issuing customer accounts of one of the popular Ukrainian banks.
Opening the channel, I learned a lot about the customer, such as:
Full name and address of residence, as the client paid for the intercom service:
Which domains he bought:
What computer he allegedly uses:
And also where and for what amount he bought food, various goods, dined at restaurants, refueling cars and in which cities it was judging by the addresses of the terminals.
From the first record dated 03.03.2010 , the reader faithfully collected 115 accounts and showed in the public domain.
I am a decent person, so I immediately contacted the online banking support service indicating the problem of access to confidential data. I spent about an hour reporting a problem due to technical support chat issues. Each time, the operator persistently asked for my contact details, but knowing about the long arms of this bank and being afraid of people in black who would come to me with a “forgetter”, politely declined to answer, referring to the lack of my connection with the client and Internet banking in general.
As a result, I got the answer that the problem was not theirs, but the client who added the RSS feed to the reader, thereby personally gave access to my accounts:
I brought only the end of the conversation, because Above said that there were problems with the chat - I was constantly knocked out of there.
The answer did not completely satisfy me. But what about bank secrecy, the protection of confidential information? Is it really that simple a person can personally give public access to his accounts and in general to his life? Therefore, I decided to contact the client directly. It was not difficult to find him, since I knew all the information about him. Calling him at work, I described the situation to him. From the conversation I realized that he simply added RSS from the bank account to the Google Reader account, not assuming that everything would turn out like that.
Thanking each other, we said goodbye to this.
The sense of accomplishment overwhelmed me, but today's events made me seriously think about the role of Google in our lives, about credit cards and bank secrecy.
All three sides of this story are to some extent guilty, Google because by default it gives you access to personal feeds, the bank - because it lets Google spiders read the feed, and of course an inattentive client.
Be careful always and everywhere!
But what if these and more confidential data are available to anyone without your knowledge?
How? The answer is simple as the idea itself and the convenience of a service called Internet banking. It is very convenient to control the account and know where the money is spent from your credit card by reading the RSS feed in your favorite reader through a secure connection. It’s convenient and safe, but not always ...
This morning, after reading all my Google Reader feeds and having some more free time, I decided to read the Recommended News. Attention was drawn to the following entry in the tape:
Apparently Google decided that I would be interested in the channel to which my fellow countryman from Dnepropetrovsk subscribed. Everything would be fine if it were not for the channel for issuing customer accounts of one of the popular Ukrainian banks.
Opening the channel, I learned a lot about the customer, such as:
Full name and address of residence, as the client paid for the intercom service:
Which domains he bought:
What computer he allegedly uses:
And also where and for what amount he bought food, various goods, dined at restaurants, refueling cars and in which cities it was judging by the addresses of the terminals.
From the first record dated 03.03.2010 , the reader faithfully collected 115 accounts and showed in the public domain.
I am a decent person, so I immediately contacted the online banking support service indicating the problem of access to confidential data. I spent about an hour reporting a problem due to technical support chat issues. Each time, the operator persistently asked for my contact details, but knowing about the long arms of this bank and being afraid of people in black who would come to me with a “forgetter”, politely declined to answer, referring to the lack of my connection with the client and Internet banking in general.
As a result, I got the answer that the problem was not theirs, but the client who added the RSS feed to the reader, thereby personally gave access to my accounts:
I brought only the end of the conversation, because Above said that there were problems with the chat - I was constantly knocked out of there.
The answer did not completely satisfy me. But what about bank secrecy, the protection of confidential information? Is it really that simple a person can personally give public access to his accounts and in general to his life? Therefore, I decided to contact the client directly. It was not difficult to find him, since I knew all the information about him. Calling him at work, I described the situation to him. From the conversation I realized that he simply added RSS from the bank account to the Google Reader account, not assuming that everything would turn out like that.
Thanking each other, we said goodbye to this.
The sense of accomplishment overwhelmed me, but today's events made me seriously think about the role of Google in our lives, about credit cards and bank secrecy.
All three sides of this story are to some extent guilty, Google because by default it gives you access to personal feeds, the bank - because it lets Google spiders read the feed, and of course an inattentive client.
Be careful always and everywhere!