Sainsbury's admits website security blunder

Sainsbury's has promised to beef up its website security after its new home shopping service left credit card details exposed online.

The supermarket giant was left with egg on its face after silicon.com revealed that a design flaw in its SainsburysToYou service meant users could re-access account details by simply using the 'back' button on their web browsers.

At the time Sainsbury's advised users to close their browsers after visiting the site, recommending this action "for any site where you are providing personal details as many secure sites also operate in this way".

Sainsbury's site promised customers could "rest assured" that shopping was safe and transactions protected. "Any page containing your personal details, passwords or payment details is delivered using 128 bit secure socket layer encryption," it said.

But a basic coding mistake meant secure information was not cleared from its pages.

Now the company has admitted its fault and a spokeswoman told silicon.com: "Work is being undertaken at present to resolve this and we expect it to be completed very shortly."

While they're working on it, the development team at Sainsbury's might like to take a closer look at their postcode database. According to website auditors Business2www the information is at least a year out of date - recognising some codes which the Post Office has now scrapped, but not new ones brought in last year.

Claims by the supermarket that its site is only a pilot and has not yet officially launched have angered customers, because the site at www.sainsburystoyou.com makes no mention that it is still under development and allows them full access to its services.