| << Slowing down into the Long Now | 2004 > December | Rework >> |
Last night a friend bought tickets to see the Nutcracker next weekend in San Jose. In the process, she created an account. After completing the transaction, she looked at the account and found a transaction from April, a sale to someone in New Jersey. The previous sale’s credit card number was saved with the account, as well as hers. Fortunately only the trailing digits were visible, not the whole credit card number. The worst that could have happened is that she could have used the other person’s credit card to buy tickets for herself.
She called Ticketmaster and told them what had happened. The customer service agent would not look at the account, saying that it was a privacy violation. She said, “I am giving you permission to look at my account,” but the agent refused again, and would only suggest that she delete the account. Concerned that the order would be cancelled, she didn’t delete the account and called me. She gave me her login information and I logged in and saw all of this for myself.
If I were the programmer of this system, I’d certainly want to look at this and see what had happened. My guess is that instead of using the customer’s email address as the database key, the system hashes the email address into a numeric key, and my friend’s email address happened to hash to the same key as someone else’s.
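The failure mode guessed at above, as an added sketch that is not code from the original post or from any real ticketing system: two different email addresses that hash to the same numeric key end up sharing one account record, while a store that compares the full email address inside each hash bucket keeps them apart. The 16-bit key size, class names, card digits and `example.com` addresses are all assumptions constructed for the illustration.

```python
import hashlib

KEY_BITS = 16  # assumed small key space so a collision shows up quickly


def numeric_key(email: str) -> int:
    """Hash an email address down to a small numeric key (the guessed design)."""
    digest = hashlib.sha256(email.lower().encode()).digest()
    return int.from_bytes(digest[:4], "big") % (1 << KEY_BITS)


class HashKeyedStore:
    """Guessed design: the numeric hash alone identifies the account."""
    def __init__(self):
        self.accounts = {}

    def record_sale(self, email, card_last4, item):
        account = self.accounts.setdefault(numeric_key(email), [])
        account.append((card_last4, item))
        return account  # what the logged-in customer sees


class EmailKeyedStore:
    """Hardened: the hash only picks a bucket; the full email picks the account."""
    def __init__(self):
        self.buckets = {}

    def record_sale(self, email, card_last4, item):
        bucket = self.buckets.setdefault(numeric_key(email), {})
        account = bucket.setdefault(email.lower(), [])
        account.append((card_last4, item))
        return account


def find_colliding_emails():
    """Return two constructed addresses with the same key (pigeonhole bound)."""
    seen = {}
    for i in range((1 << KEY_BITS) + 1):
        email = f"user{i}@example.com"
        key = numeric_key(email)
        if key in seen:
            return seen[key], email
        seen[key] = email
    raise RuntimeError("unreachable: more inputs than keys")


def demo():
    first, second = find_colliding_emails()
    weak, safe = HashKeyedStore(), EmailKeyedStore()
    for store in (weak, safe):
        store.record_sale(first, "1111", "April sale")       # constructed data
    weak_view = weak.record_sale(second, "2222", "Nutcracker")
    safe_view = safe.record_sale(second, "2222", "Nutcracker")
    return first, second, weak_view, safe_view
```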
Copyright © 1995-2006 Sonosphere LLC (CA), all rights reserved