2007/04/13

You Just Filed Your Taxes Online...

What are you gonna do now? Well if you used Turbo Tax's online tax preparation service, we here at Blognonymous would like to suggest:
  • Calling your bank and having fraud alerts placed on your accounts
  • Getting in touch with the three major credit reporting agencies and checking for unusual activity
  • Maybe get fraud alerts for your credit cards as well--you know...if you used one to pay your tax bill
"Why all the panic," you ask? Because Intuit left open a security hole you could drive a truck through. Their web-based tax preparation service apparently isn't too careful about validating user names against particular returns, allowing you to pull up tax information that isn't yours. OW! Big problem!

Though Intuit claims the particular method has been blocked, keep in mind that this is web-based software. It would be a simple matter for a crawler to exercise every link, every path through the Turbo Tax system, in a matter of hours. So if another hole exists, it's sure to be discovered.

Happy Friday the 13th! Enjoy the last weekend before the filing deadline.

14 Comments:

Ut oh (Turbo Tax AND Friday the 13th).
Now that's hinky, Froggie. But I use an accountant.
Man, I am always late with this sort of stuff, filing extension ;)

That security hole stuff is prefect for identity theft types...
I'm amazed that Intuit quality control didn't catch this. I use TurboTax myself, but not the online version--Tax situation is too complex, and this bug doesn't apply to the offline (software) version...obviously.
Just another reason for me to file by hand, like Cheney & Bush do. ~~ D.K.
Nothing like getting ripped by the gov and the tax service on the same day! Wonder if Intuit is liable for the losses their customers might incur.
I'm paying the goddamn IRS when they can show me the law that says they have the right to collect it!!!!!!
I just did file my taxes, nostradamus, like twenty minutes ago, and this post scared the crap out of me. I went back and checked, and luckily I didn't use turbo tax. Next year I'm going with the accountant.
D.K... By hand? Too much effort. I've got to have the program. I'd don't get paid enough (0$ is not enough) to invest the dozens of hours it would take to do my taxes by hand.

Peacechick... I don't know, but I think that it's going to be a huge problem for them if someone's identity really does get stolen.
Lew... That's the spirit, but please try not to get arrested. I'm all out of files and cake mix.

Station Agent... Not to worry it's not the program TurboTax, just the online service (allows you to do your taxes through a Web application).
It's my understanding that some accountants and accounting houses outsource a lot of their work to India, SSAN's and all. I'm sure individual accounts like mine would be done in house, but I doubt Intuit was the first security gap. It was just the first we heard about.
Also be on the looks out for phishing scams, e-mail that look like they are from the IRS but the link takes you to a fake IRS page and it ask for SSN and bank info. The IRS doesn't e-mail you, they only send letters or possibly call.
TFWY... That's more than a little disturbing. I wonder if you could require that your work be done onshore. Would make for an interesting argument with your accountant, I imagine.

Parson... That's good advice, but the IRS actually is considering email for communications to taxpayers. It's crazy, but they started a pilot program last year.
Yipes, I just read something disturbing on another blog and now I read about Turbo Tax. I didn't use their online version, but one of my children did.

I think I'll need two glasses of wine before bed tonight!

Add a comment

Links to this post:

Create a Link