Date: 14 June 2004
Incident Type: Vulnerability Disclosure
WASC Threat Classification: Insufficient Authentication, Insufficient Authorization

A billing information system required only phone number and zip code to pull up account details

References:

• A security tale: From vulnerability discovery to disaster [Search Security]