

Gaping hole in Google service exposes thousands to ID theft - denzil_correa
http://www.theregister.co.uk/2012/11/08/google_compare_identity_theft/

======
stephengillie
It's Google Compare, the auto insurance comparator, which is operated by
another company, SSP. Apparently editing a link or a "document" allows you to
view others' info.

 _The Register understands that the flaw lies in third-party software external
to Google Compare, operated by insurance and financial specialist SSP. But
although Google's own in-house systems were not directly compromised, the SSP
system effectively allows criminals to operate Google Compare as a massive
identity theft portal._

------
laserDinosaur
This is why I read comments before clicking on articles.

~~~
wjamesg
Same here; for me, comments tend to be a good indicator of article quality.
Lower quality articles (linkbait, non-original content, etc.) need not get all
the pageviews.

------
capo
So... it wasn't a Google vulnerability.

~~~
pasbesoin
Once you slap your name on it, it becomes your problem (in image, in any
event). I'd argue this is a case where due diligence on the part of Google
failed. [1]

\--

[1] It's also an argument for enabling (including legally) security
researchers to break things. Experience shows you cannot necessarily take
partners at their word.

In the physical world, you will often take and test samples, yourself. You
need to do your own analysis and testing in the digital world, as well.

