Crate, Barrel, Clam Fritter

Security Problems with Crate and Barrel Gift Registry

This weekend I received an email beginning with the following:

Your gift registry is now available to you and your guests at crateandbarrel.com, all Crate and Barrel stores and WeddingChannel.com.

It seemed strange that Crate and Barrel would send me email about a gift registry from my wedding several years ago. But then I noticed that the email was carbon-copied, not to my wife, but to somebody else.

The email contained the registry ID and the password, so I went to CrateAndBarrel.com and logged into the registry. Sure enough, it was somebody else’s registry.

Clam Fritter kitWouldn’t it be funny, I thought, to add some weird items to their registry. After a quick search, I found a “Clam Fritter Kit” — that would fit the bill. I could imagine the bewildered bride-to-be asking her groom “Honey, why did you register for twenty-five clam fritter kits?”

Then I saw the “Update Profile” link and clicked it. Yikes! Suddenly I had access to the account information for the registry!

If I wanted to be mean, I could switch the address and have all those wonderful gifts shipped right to my door. $300 worth of Calphalon cookware would fetch a good price on eBay.

But instead, I decided to send an email both to Crate And Barrel, and (more importantly) to the owner of the registry, notifying them of this security lapse.

Update

My wife received a similar email, with the registry name and password for yet another person’s registry.

Update

In addition to emailing the owners of the registries (who would be motivated to follow through and get this fixed) and to crateandbarrel.com, I actually called Crate and Barrel.

“Oh yes,” said the disinterested call center drone, “there was a glitch this weekend.”

“Umm…” I replied, “do you realize that I can still log into these registries belonging to somebody else?”

“Oh…” she said, and took my name.

I wonder if she will follow through… I kind of doubt it.

Update

I received the following email from Crate and Barrel:

Dear Patrick Fitzgerald,

Thank you for your email.

We apologize that you received an email intended for another Crate and Barrel registrant. We encountered a computer problem for a short period and have now resolved the issue.

We apologize for any inconvenience this may have caused. Should you have any further questions, please reply to this email or call us at 800-967-6696.

Sincerely,
Cynthia
Crate and Barrel Customer Service

While it is nice that they responded, I can still log into somebody else’s registry. I’m going to reply and suggest that they notify all users about this security lapse.

After that, I might just start adding clam fritters to sombody’s registry.

One Response to “Crate, Barrel, Clam Fritter”

  1. Amber says:

    Wow. This is crazy.

    Maybe they have the same engineering team as us! ;)

    You should totally add clam fritter kits to everybody’s registry. I would.

Leave a Reply