I happen to have a fairly generic Hotmail address as a ‘spare’ e-mail account, and routinely get e-mails from companies where someone has signed up to a website using my address.
The best behaved include an ‘activation link’ before the account can be used, verifying that the e-mail address really does belong to that person before allowing them to use the site. (Bonus points for including a ‘deactivation link’ in the e-mail straight away, that makes my life a lot easier.) Sadly, a great number of websites decide to take everything on trust and happily send out a welcome e-mail without doing any verification.
OK… so no big deal. The initial e-mail usually includes a username and password so I can log on, close whatever stupid account has been opened, and move on. In the rare and annoying cases where no ‘Delete my account’ is available I can always change the e-mail address (no verification, remember?) and password, ensuring it becomes a dead account that no-one has access to. Good. Shame on you for abusing my e-mail address in the first place.
Today, however, this happened with Juno Records. Not only did they happily let someone sign up to this site, they also allowed them to buy products on it, all without checking the e-mail address was genuine! It gets worse. Here’s a screenshot from the site:Oh lovely! So you’re giving me… everything about them, plus their credit card details. Super. To be fair, the full credit card number was not printed (everything else was, though), so I couldn’t have gone off on a shopping spree on any site – but I could have changed the address and ordered away? Do you really think the holder of the account, as stupid as they might have been to sign up with my address, would be happy with that?
This is sloppy design that puts people at risk.