I was on Blockbuster's customer support website a few days ago, and I stumbled on a page that lets you login as ANYONE without a password. At first I thought maybe I just had cookies enabled or such, but I tried a few other email address of relatives that had blockbuster and it just let me into their accounts. Right away you can see where they live, their full name, phone number, and a bit more personal information. You can't see their movies list. You CAN, however, update this information and it really does save it to the database. Meaning.......whoever has this public blockbuster URL can change the mailing address of all blockbuster customers. Ya....its big. I called blockbuster support to report the issue, but it isn't fixed yet. I was hoping they would at least offer me a free yearly membership for reporting this, but, sadly they didn't. My question is, what should I do about this? What if they don't fix this soon?? My account is exposed and changeable, as is everyone else who has an account with blockbuster. Do I take it to a local news station? (and no, i will not PM you the url)
The page looks very very old. I think it is a remnant of the old blockbuster site. At the bottom it has the year 2004 by the copyright. I think they just forgot to take this page off the web. Then over the years, this directory became public and the HTML form still has live access to their database.