Gary Wright II
Memoirs of the Man, the Myth, & the Legend™
Boycott - a refusal to have dealings with an organization in order to express disapproval

I have a boycott policy against the Toyota Mall of Georgia

The Toyota Mall of Georgia was added to my boycott list due to failure to secure their web site, even after proper notice was given of a security breach.

When my car died and I was in the market to buy a new vehicle, I decided upon purchasing a new truck. I went to the Internet to research the makes and models, and narrowed it down between a Mazda or a Toyota. The Toyota Mall of Georgia runs lots of advertisements on TV, so I decided to check out their inventory through their web site.

I surfed to the web site, and crash! I was presented with an error message. I was shocked to see the root password to their database included in the text of the error message. I couldn't believe what I was seeing, so I restarted my web browser and Boom! The site crashed again!!!

I looked closely at the error message, and narrowed down the cause of the crash to a bug in their JavaScript. My company runs off of Linux computers, and there are no Microsoft products used in our network. When the script checked for my browser type, it looked for either Netscape or Internet Explorer. Since it received a response that wasn't expected, it crashed.

The first rule is never use an easy password - they had broken this cardinal rule and their root password was easy to guess. You also never give out too much information with your error messages. You also never use the "root" password for routine communication; it is only supposed to be used for system administration. There was a whole list of broken rules and bad practices; I wasn't sure where to start.

I called them and asked to speak with whoever was in charge of their web site security. I got passed from person to person and no one took my call seriously. I tried to explain that with the root password, someone could hack their web site, see all of their financial records, and steal all of their customer data. After playing phone tag all afternoon, I finally just called and asked to speak with the highest level of management that was available.

They listened to me, but then wanted to see this for themselves. They surfed to their own web site and said, "We don't see anything wrong - it is working fine!" I tried to explain that since they were looking at it with Internet Explorer, the site wouldn't crash because it recognized the web browser. I explained that they would have to use a different web browser to see it crash, but they acted like I was making all of this up!

Instead of arguing with them, I captured the screen of my computer, and then I faxed them the image along with arrows and explanations of what they were seeing. I never heard back from them, and for several weeks when I tried to research a Toyota truck, the site still crashed.

The first thing you do after a security breach is to change all of the passwords. There was the same root password displayed to me every time I viewed their web site. Since they never took this security issue seriously, I gave up on them and bought a Mazda. The last time I checked, the password has never changed...
Copyright © 1999 - 2012 Clever Things, LLC All Rights Reserved.
"You don't get to choose who you love, but you do get to choose who you hate. Hating on the haters just doubles the hate. If you replace all of your hatred with love, the hate is canceled out and the world stays in balance. Choose love and no more hate!"
-- Gary Wright II