Computer magazine PC Pro has highlighted some lax security measures on a couple of popular comparison sites which allow hackers to reveal the personal details and quote history of their visitors.
In the case of CompareTheMarket.com, using just a surname, email address and date of birth – information that is pretty easy to gather – you can get access to a user's entire quote history and, probably more worryingly, several items of personal data:
This was enough to unlock a veritable treasure chest of further valuable data including telephone numbers, car registration and make details, occupation, personal details of spouse as well as property details where house insurance quotes were available.
There was a similar problem with Confused.com. Whilst a postcode was needed as well as the same details required to get into a CompareTheMarket.com account, armed with this info they were then able to reset the account-holder's password and access the user's quote history.
The comparison sites are probably hoping to make it easier for visitors to return to their quotes without having to remember login details, but in this day and age, only asking for publicly available information is not a sufficient security measure.
Although CompareTheMarket.com have yet to respond to PC Pro’s concerns, Confused.com have stated that they are to upgrade the security for their customers. No changes have been made to either site yet.
It’s not clear whether you can log in to your account on either site to close it down and prevent others accessing your data, or how long your accounts are kept valid for. These are two other areas that could do with clearing up.