Join Sears’ SHC Online Community, get tons of spyware! According to the CA Security Advisor Research blog:
Every website visitor that joins the Sears community installs software that acts as a proxy to every web transaction made on the compromised computer. In other words, if you have installed Sears software (“the proxy”) on your system, all data transmitted to and from your system will be intercepted.
And they really do mean all data, from key-logging secure sessions to reading the header lines of personal email, and even recording “the pace and style with which you enter information online.” That’s so very… comprehensive. (I can’t help but note that this is PC-only. Macs are safe.)
Rob Harles, the VP of the Sears SHC Online community, denied that any such spying was taking place. Too bad Harles used to be the senior VP for comScore, the company that created the spyware and collected the Sears data.
Update: This is Eric. Apparently Sears also had a section of their managemyhome.com site that allowed customers to search their purchase history back to 1978. Unfortunately, security was so bad that you could search anyone’s purchase history back to 1978. Sears appears to have taken it down now, though.