I made a purchase of coffee from one of our forum mates here, and went to check on the progress. I accidentally put in the order number from another order I made elsewhere (also a SOL site) and had the tracking information from the incorrect order number show up.

Basically that tells me that the "order database" isn't that secure, if I can put an order number in from one site into the tracking box on another site and it brings up the order.

Am I the first to notice this?

Scary - but not surprising considering how they have the shared database for everything. I hope you reported this breach in security to SOL.

I just tried to duplicate what you did Leo and this is what I got.


Status
Order Does Not Exist

This order number is from an order on mycoffeegourmet, try putting in my tracking and see what happens.

200701171516102961

I haven't reported it as yet in case it's just a minor glitch on my end.

yep, that's why I took off my tracking @ my store.
Beth is correct - All SOL stores - including the checkout - are managed by SOL's database.
I use Stamps.com, which sends e-mails automatically to the customers, with tracking info etc - if they don't have an e-mail - I call them and give them their lucky numbers to track.

I just tried tracking that number on all three sites and got the same results as above. It wouldn't track.

Sho,
He is right - that tracking number he gave worked on HIS store - and HIS store is not the one that he ordered from.

So, I went to this store: http://www.rctoys4us.com/ and entered the same tracking number and it also came up with his coffee order from the 3rd store.

Sho,
He is right - that tracking number he gave worked on HIS store - and HIS store is not the one that he ordered from.

So, I went to this store: http://www.rctoys4us.com/ and entered the same tracking number and it also came up with his coffee order from the 3rd store.

Interestingly enough Beth, my store, the one I ordered from, and the 3rd you checked are all owned by Canadians.

Well, here's one in Alabama it works on - it's worked on every 5.0 site I've tried it on:
http://www.bestskinlotion.com/

And this one in the UK:
http://www.healthyworld4u.co.uk/home

I guess this is enough testing to verify that it's not just a glitch.

What do I do now and to whom should it be directed?

I would inform chat or call - and I would ask that it be escalated as it is a security breach.

Stop the presses! It is PRO 5 sites that are breached. All mine are 4.0 and it wouldn't work on them.

Tell security don't waste their time on 4. It's only happening on 5.

Just one more reason that 5 is not as good as 4 in my opinion.

Will do, thanks Ladies.

Leo,

You should at least notify the merchant involved that his security is being breached!

I don't use the tracking features as I stay in touch with all of my customers by email with tracking numbers etc. I think I may just take it off now that I know this is happening.

I tried going to your site and you are right, it does come up on yours.

Good thing I just leaf through posts once in a while!

You should at least notify the merchant involved that his security is being breached!


Ok I will, Chris, your security is being breached. I discovered this while checking out the tracking for my order from your site.

BTW, I got notice this morning that it's at the local post office and there doesn't seem to be any duty charges on it! I'd say the experiment was a success.

Hey there, this is funny, rctoys4us is my site !!!!, so If I started selling coffee on your behalf you owe me $13 (50/50) :)

This is totally unacceptable, I though since their structure was under /store/licence#/.. everything was well delimited ... seems that is not.

I will make a complain as well.

Cheers

Alejandro

Alex,

This is not a problem with me but if anyone checks an order for radio controlled toys on my coffee site you owe me 75%. Yeah I know it is higher but this called negotiating!!! *LOL* I should work for a merchant account I think!

This is just one more reason I am leaving stores online soon!

Don't worry you can try 200606201059193660 is one of mine on your site and it will show up ... so at the end I finish owing you money :)

There is no security at all I'm going to shout very loud this at SOL

Alex,

I tried it on my site and sure enough it showed up for a stealth bomber glider.. This is too much! I am not going to complain as I am getting ready to move anyways but this will be part of my letter when I ask for my refund, along with downtime, all the lies I was told, etc etc. Let me know what they say about this. I think Leo was going to email or call them too.

You need to complain too... and make notes, as its documentation of your grievances.

Im not surprised at this issue in the least, no files are separated by any sort of structure other than the file number. Its like you put everything in your hard in no folder at all, everything is just dumped and mingled together. Im surprised it hasnt happened or been discovered much sooner.

Karen

Stop the presses! It is PRO 5 sites that are breached. All mine are 4.0 and it wouldn't work on them.

Tell security don't waste their time on 4. It's only happening on 5.

Just one more reason that 5 is not as good as 4 in my opinion.

Shoshana
Your statement above would be applicable to an order made on a Pro site not showing up on a V4 site, but what would happen if you entered a tracking or order number from a V4 site on another V4 store would the same thing be happening.

I think more testing is definately in order. I also don't expect SoL to do anything as I am of the opinion they know all about it and have done for years.

+

what's really getting me, SOL is requires a SSL connection for FTP in the 5.0 version - it's like putting in a Fort Knox Safe Door in your house, while there are no walls attached to it.


SOL is all "faux" - big mouth, with maybe 10% working (on a sunny day)
The only moments, they use their "message" system, telling, when they are closed, and we have to click "understand" and "accept" ( at the same time, which they do on purpose - afterwards they claim," 100% accept our dream (nightmare) ol'Mule service"

I discovered this while checking out the tracking for my order from your site.

BTW, I got notice this morning that it's at the local post office and there doesn't seem to be any duty charges on it! I'd say the experiment was a success.

Canada does not charge duty on any food product made in the USA. I was told this by an agent with CBSA last year.

You may be confusing duty with brokerage that is levied by private delivery companies such as UPS and FedEx on ground shipments. Brokerage is the fee that everybody despises and typically runs $30-50.

You are right on that one. While there is no duties, UPS would charge me through the ying yang for the brokerage. That is the reason I cannot sell to Canada :(. I also ordered some of my coffee and it was mailed to me by the roaster, but they were none to happy about having to take it to the post office and fill out the forms to mail it to me. I probably won't order any more for a long time now!

I thought that with the NAFTA agreement it would be easy to ship to Canada, but it should be called the NADA agreement!!!

I think NAFTA only works for Mexico and Indonesia, so they can farm out all the jobs they claim nobody wants for pennies on the dollar.

Karen

Karen,

NAFTA stands for North American Free Trade Agreement. It is an agreement between Canada, Mexico and the U.S. The document itself is huge and you have to be a Rhodes scholar to understand it. It is full of legal mumbo jumbo and basically means that no matter what you import you will get charged brokerage by the criminals that make the rules! LOL

Just thought I would clear it up for ya!

Chris

I KNOW what it stands for I was making a funny!

GEESSH... KIDS

Karen

After talking to the Stores Online Customer Service Supervisor yesterday and informing him of this situation, I was told this was a major problem that he was not aware of and that it would be taken care of by today.

Well I just went to Leo's site and tried an order number and guess what? It STILL COMES UP! I will email support and inform them, that way it is a paper trail involved.

Am I suprised, NO! Another promise they can't keep... still more frustration with sol!

Hi, I was notified that the orders problem was solved, I have checked out and I can't see other orders and mine are not shown up as well.

Regards