Loading Dock Chaos: Retail CIO Had No Idea What His Passwords Could Do
A multi-billion-dollar regional retail chain this year discovered its supply chain was opened to the world when Google posted a key password
WHIPPANY, N.J., March 31, 2011 /PRNewswire/ -- What happens when the keys to a retailer's supply chain show up on Google? In the case of one multi-billion-dollar regional chain this week, it gave anyone the ability to change the information for all loads expected at the retailer's distribution centers -- dates, times, contents of the load, number of pieces, weight, pallets, the product ready date and the vendor call date, according to a report in today's edition of StorefrontBacktalk.
"This represents a critical security breach, one that started with the simple decision to put a confidential manual in a Web site subdirectory. That single password -- which was printed in that Google-available PDF -- unlocked a third-party's servers and revealed a supply-chain security hole large enough to drive a fleet of Mack trucks through," said StorefrontBacktalk Editor Evan Schuman.
What started this week with an analyst's accidental discovery of a retailer's confidential supply-chain manual PDF during a Google search morphed into a series of mega-headaches for the chain's CIO. That now publicly available password opened detailed reports on every single shipment the chain did for as many months as the visitor wanted to see, including details of future shipments and the ability to edit and change those freight schedules. Although the system was supposed to first require shipment details from the user, it actually provided those details to anyone following on-screen guidance.
The full report is available at http://storefrontbacktalk.com/supply-chain/loading-dock-chaos-cio-had-no-idea-what-his-passwords-could-do/.
About StorefrontBacktalk
StorefrontBacktalk® is an editorial site that tracks retail technology, E-Commerce and Mobile issues for retail chain IT executives and those who need to understand retail trends. With more than 50,000 subscribers to its monthly newsletter -- in addition to visitors to its Web and various mobile sites -- StorefrontBacktalk is a widely respected independent watcher of retail technology issues. It's been quoted in more than 100 media outlets, including BusinessWeek, Wall Street Journal, Reuters, CBSNews, CNN, FoxNews, Computerworld, Wired, The Los Angeles Times, ConsumerReports.org, CNET, U.S. News & World Report, Austin American-Statesman, USA Today, The Boston Globe and The American Banker. More background is available at http://www.storefrontbacktalk.com/who-is-storefrontbacktalk.
CONTACT: Evan Schuman, 973-993-8098, [email protected]
SOURCE StorefrontBacktalk