Protecting Yourself From BN.com Flaw
Answering some questions people have been asking me about the BN.com security flaw I stumbled on.
- Why haven't you contacted Customer Service?
I have contacted BarnesAndNoble.com customer service via e-mail, but haven't received word from them yet. They are unavailable via telephone. I have no idea whether or not it's finding it's way into the hands of people who can fix the problem or was discarded by a customer service rep who doesn't know what to do with it.
- How do I protect myself from this?
If you ever do need to change your e-mail address with BN.com, or already have, simply create a new account with your old e-mail address and that will prevent anyone from gaining access to your account.
- This is just a bug in BN.com code, it doesn't sound like a big deal.
I wouldn't exactly call this a "bug" in BN.com code. Industry standard practice is that you to verify your e-mail address any time you create an account. Any time you will be using your e-mail address for authentication or confirmation, they send you an e-mail. By replying to that e-mail or clicking on a link they send you you confirm that you can receive e-mail at that address.
- Would you shop at BarnesAndNoble.com again?
I still have faith in BarnesAndNoble.com and would order from them again. I hope they fix this problem and continue to provide the excellent service I'm used to.
page first created on Tuesday, July 09, 2002
© Mark Wieczorek