Sears shuts down part of ManageMyHome site

HOFFMAN ESTATES, Ill. Sears is shutting down part of its ManageMyHome site after it was found to reveal the details of consumer purchases, according to reports.

The lax security on the Sears site was pointed out in a blog by Benjamin Edelman, an assistant professor at Harvard Business School. He showed how the site allowed users to view a customers' purchase history by entering their name, phone number and street address into the site.

"To verify a user's identity, Sears could require information known only to the customer who actually made the prior purchase. For example, Sears could require a code printed on the customer's receipt, a loyalty card number, the date of purchase, or a portion of the user's credit card number. But Sears does nothing of the kind. Instead, Sears only requests name, phone number, and address -- all information available in any White Pages phone book," said Edelman.

According to reports, Sears said in an e-mailed statement that it has turned off the ability to view a customer's purchase history on the site.