Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Sallie Mae Security
Date: March 24, 2007 06:30PM

This is a copy of a post I posted on another forum. Wondering if anyone has had similar issues with Sallie Mae.


I have a student loan with Salliemae which I applied for over the phone back in April.

Well the company has screwed up multiple times with protecting my information.

1. They got my address AND last name wrong in the application. So my Promissory Note and loan information, which includes documents with my social security number, name, address, etc., were sent to someone else. Who? I don't know.

2. After discovering this screwup I called to have a copy of the note sent to me and asked my social security number not appear in the document for security reasons. Well they did just that by sending me a copy with my SSN marked out with a black marker. Yes you heard that right, a mere black marker was used so SSN could be viewed when put up to light.

3. Of course when asking to have my account number changed due to the fact it may be compromised they said they can't do that. Wow, so what happens in those cases, they let the account be compromised? So thoughtful of them thinking about my security as a priority.

4. I created an account in Salliemae.com to manage my loans, well first main page has login form not SSL so insecure. Luckily I know better so accessed HTTPS. Well after done with that I logout, oops forgot to do something so need to login again. But behold they have redirected you to an insecure login page. Nice of them to be so considerate. =o)

5. Three days ago I receive an email with the following text:
Quote

You are receiving this email with information regarding your Sallie
Mae(r) student loan account.

Your account updates are viewable in the attached PDF document. The file
is password-protected and you need to enter your Social Security number
to open it.

Please keep in mind these personal safeguards:

- Save the document to your computer and disconnect from the Web before
opening it.
- Only use a personal computer to view the file--do not use a public
computer.

So a document I never requested, which they easily could have provided a link to access from within my account, SSL protected, they sent me. Not only does it say in the email the password is my social (without the -'s) so 123456789. Wow, a password cracker needs to crack a 9 character numeric password, how hard can that be? To add irony to the situation they try to be smart and talk about security in the email.

6. Complaining to management about it yields nothing of course. To add to the security concerns, the whole customer support is outsourced somewhere on the other side of the world, which makes me uncomfortable giving out my social to them each and every time, knowing for a fact that in the news outsourced employees at some bank have stolen customer account details and sold them. Seeing that they fall under the laws in their country, which are not as strict as the laws in this country, makes me nervous that if something does happen nothing much will be done.
