Turbotax web application security vulnerability.

12 April 2007

A customer of the Turbo Tax web application discovered by accident that it is possible to look at tax information belonging to other customers who happen to share your last name by attempting to view past tax filings. By 'tax information' I mean everything, from Social Security Numbers to bank account numbers and routing codes.

Here's hoping they audited the code in that web app and fixed it before anyone else had a chance to discover the bug, and take advantage of it.