[quote author=BellisimaJ. link=topic=9139.msg71143#msg71143 date=1215400261]
Quote:Agreed there should have been SSL on the site. That's why we told everyone up front there wasn't. The only information submitted to us was the same info most online sellers have posted on their Website 'Contact Us' page...Name, address, phone number and email address.
I am certain that you realize that that info is all that is required for identity theft. But, I am curious. You state that they ALL knew that they were at risk of ID theft, and that they agreed to this? If so, then that is another thing altogether.
If you did not explain the risk to them, then you are still wrong. i wouldn't have done it no matter if the others wished me to or not. I wouldn't be able to live with myself if something happened and someone's life was destroyed by an id theft.
[/quote]
Actually, you do need a bit more than just a name, address, phone, and email to commit identity theft. Name, address, phone number... AT&T gives that info out. I can contact any member of any site and wait for their response to get their email address. That is freely available info. Where the concern lies is with "sensitive" information. We are talking SSN, credit cards, and even Paypal email addresses. The issue that PH, aSs, HB, and all the others in the list have is that these sites show selling history, and have Paypal email addresses stored on the site. That is all the info you need to commit identity theft with Paypal... if a thief has the dates products are paid for, then the public info becomes dangerous. But, without the "sensitive" information, the "public" information is useless to a thief.
There was nothing whatsoever on TTP that could not be found with a simple emailed question to the seller, and a quick followup in the phone book.
Does it mean it does not need SSL installed to register and use it? That is up to each user, but it will not lead to identity theft. If there is nothing to link sales to an account, then there is nothing to link into any payment system for a hacker. Without information that can be found in the auction sites, such as sales/payment dates, and a login email to a Paypal account, you can't commit ID theft with the info on TTP. But, you can with aSs, HB, Blujay, or any of the other sites without SSL that has all that info available.