By Hiawatha Bray, Globe Staff | March 1, 2005
Boston software entrepreneur Aaron Greenspan, who revealed serious security flaws in the website of Tennessee payroll company PayMaxx Inc. last week, said yesterday that the site remains insecure. Greenspan said that a computer hacker still could use the site to obtain the Social Security numbers of hundreds of Americans.
Greenspan called the management of PayMaxx incompetent, and urged Congress to investigate the company. "They have no idea what they're doing," he said.
Greenspan's company, Think Computer Corp., had its payrolls prepared by PayMaxx, of Franklin, Tenn., until late last year. After ending their relationship, Greenspan found that his name, address, Social Security number, and other personal data were still available on the PayMaxx website, which could be accessed by entering zeroes in the site's login windows. Greenspan also found that he could obtain the same information about other PayMaxx customers by typing random numbers into the browser's address window. He estimated that up to
100,000 files could be accessed this way.