Man logs into dabs.com customer account shocker

Reg (http://www.theregister.co.uk/) reader Dave (not his real name) recently received emails from dabs.com about an order he'd supposedly placed for a digital camera. He received a receipt and despatch confirmation emails. All well and good except that he hadn't placed the order. In fact, Dave didn't even have an account with dabs.com. At this point we might have suspected some kind of phishing scam but Dave's curiosity was piqued. "I checked the emails and then went to dabs.com and tried logging in with my [Hotmail] email address, I don't have a password, but they have a forgot password box, so I clicked on this. "It then asks for the email address registered against the account, this I put in as my own and clicked send. A few moments later I receive an email with a password for the account," he said. At this point Dave discovered he was able to log into the original customer's account".

For the rest of the story, click Here