Computerworld - America Online Inc. is acknowledging an "issue" that allowed some of its members to gain access to online financial portfolios of other members. But the Internet service provider downplayed the incident, saying no personal identifying information such as usernames or credit card numbers was ever compromised.
"We've heard from a handful of members yesterday who brought it to our attention," AOL spokesman Nicholas Graham said today. "So we've been in the process of looking into what the situation is, and we've taken some immediate corrective steps to address the issue. Although there is no more information, we're working very diligently to provide a resolution to it as soon as possible."
Among those upset by what he called a security breach is Michael Szkaradek, an attorney and Certified Public Accountant in Santa Ana, Calif. Szkaradek spoke with Computerworld yesterday about the incident, which he said occurred when he logged onto AOL's Personal Finance page to check his portfolio and was given another user's portfolio. He said it was the second time in a month he entered his own account information and got a different account.
"I have various portfolios set up so that I can track not only my investments but proposed investments as well, so I signed on last month and I got a completely erroneous set of investments," Szkaradek said.
At the time, Szkaradek said he thought AOL had simply crossed the accounts. Because he has more than one screen name, he assumed the company had taken an old set of portfolios and displayed them on his current one.
"I didn't think it was that big a deal because I figured something just got crossed within my accounts," he said. "But they gave me a way to fix it and then it worked fine."
Then yesterday Szkaradek got someone else's portfolio when he logged onto AOL, and he later supplied Computerworld with screenshots of the other user's portfolio information to back up his story.
"It wasn't even related to me," he said. "It very much shocked me because someone else could be looking at mine, and anybody could be looking at anybody's."
Szkaradek started poking around in the other user's portfolio and decided to add information to that account to let the other person know that AOL had let him access the account. "I told him to give me a call and I gave him my phone number and left my e-mail address," he said. "I didn't try to delete any of his portfolios, but it was clear to
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
