The question in my mind is; why would anyone who just wanted to make a service appointmnet spend hours looking for a security breach and then downloading 1000 credit applications? IF, they had a real job? Obviously they had A LOT of time on their hands. This hardly sounds quite as innocent or helpful as this is currently being portrayed. There is an old retail saying "people can always spot a shoplifter if they are determined to find someone doing something wrong." I also question your tactics in interviewing the victims of this so called "good samartian" at the expense of the car dealerships before contacting dealerskins to notify them of the problem. Dealerskins should have been given a chance to contact its customers to inform them of the situation before you called anyone. Maybe your motivations in this situation are not quite so innocent either. The Internet is the fastest growing tool for the consumer to shop the automotive industry. It is also the fastest growing medium for the dealerships to off set the fear many people have when entering a dealership to shop for a car. At a time when both consumers and dealerships are looking to use technology to build new and better relationships, how dare you deliberately create distrust for both parties for your personal need for sensationalism. You created more real victims than any potential problem might have. The question in my mind is what did you and your security hacker hope to get out of it? New, well heeled clients I suspect.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/7067/22561#22561