Mat Honan, at Wired's Gadget Lab:
“I called Netflix and it was so easy,” he chuckles. “They said, ‘What’s your name?’ and I said, ‘Todd [Redacted],’ gave them his e-mail, and they said, ‘Alright your password is 12345,’ and I was signed in. I saw the last four digits of his credit card. That’s when I filled out the Windows Live password-reset form, which just required the first name and last name of the credit card holder, the last four digits, and the expiration date.”

After Mat fell victim to similar social engineering miscreants weeks ago, he began investigating how widespread this issue is. What he has found, through a goldmine of a source, is that this sort of thing is prevalent within the industry. This is a must-read article. I applaud Mat for exposing these security issues and hope the MANY companies mentioned in this article will take action to close these vulnerabilities within their systems.