Rakuten found to be selling personal information, including users' e-mail addresses, to shops as downloads at "10 yen per case"



※ This article is a follow-up to "From Rakuten Ichiba, personal information leaks to spammers, or spam with real names starts reaching e-mail addresses used only for Rakuten". If you have not read the first article, please read it before this one.

In "From Rakuten Ichiba, personal information leaks to spammers, or spam with real names starts reaching e-mail addresses used only for Rakuten", we reported that Rakuten changed its system after the personal information leak of July 2005 and set e-mail addresses to "hidden" for shops operating on Rakuten, but the reality was completely different.

Each shop can browse most of the personal information registered in Rakuten Ichiba, and Rakuten Ichiba itself reportedly sells personal information, including e-mail addresses, to each shop as downloads at 10 yen per case. The data can be downloaded as CSV files, which reveals that the personal information of Rakuten Ichiba users is being sold by Rakuten to every shop as "goods".

Table of contents
■ What does Rakuten sell to make its profit in the first place?
■ The existence of the "store management manual"
■ How much personal information can each shop see?
■ Rakuten is selling e-mail addresses to shops
■ The possibility that personal information registered in Rakuten Ichiba flows to the outside is extremely high

Details are as below.
■ What does Rakuten sell to make its profit in the first place?

Users who regularly shop on Rakuten Ichiba may not have given it much thought, but Rakuten Ichiba makes its profit by letting each shop use a system that functions as an "internet shopping mall" and charging store-opening fees for it.

For example, the cheapest plan for opening a shop on Rakuten Ichiba is the "Ganbare! Plan": the basic monthly fee is 19,500 yen, the minimum contract is one year paid in advance, and on top of that the shop pays Rakuten 6.5% to 3.5% of its monthly sales.

The outline of each plan is as follows.

· Ganbare! Plan
Contract period: 1 year
Basic store-opening fee: 19,500 yen / month (one year prepaid in a lump sum)
System usage fee: 6.5% to 3.5% of monthly sales

· Light plan
Contract period: 3 months
Basic store-opening fee: 39,800 yen / month (3 months prepaid in a lump sum)
System usage fee: 5% to 3.5% of monthly sales

· Standard plan
Contract period: 1 year
Basic store-opening fee: 50,000 yen / month (prepaid in two installments, one every half year)
System usage fee: None

· Mega shop plan
Contract period: 1 year
Basic store-opening fee: 100,000 yen / month (prepaid in two installments, one every half year)
System usage fee: None

In addition, opening a store carries a separate cost of 32,000 yen for the "RMS introductory manual set", and other paid services such as RMS all product mobile, Rakuten super point, Rakuten super affiliate and joint purchase each incur their own fees. That is how the mechanism works.

In this way, Rakuten Ichiba collects store-opening fees and system usage fees from each shop in various ways and earns very stable and enormous profits. As the graph of sales from December 2004 to December 2008 shows, sales have risen steadily.


Sales were 45,567 million yen in 2004 and 249,883 million yen in 2008, and the number of employees increased from 599 in 2004 to 2081 in 2008.

By the way, in the early days Mr. Mikitani, the representative of Rakuten Ichiba, apparently said "In Rakuten Ichiba, if you pay 50,000 yen a month for the space, we will not take any more" (Asahi Shimbun, March 1999) and "The store-opening fee has been reduced to 50,000 yen a month. We will not take money from you." (Nikkei PC 21, July 1999), but the fee structure has since been changed several times and has become the current system.

■ The existence of the "store management manual"

What Rakuten Ichiba sells to shops is basically a "net shop management system", and it profits from the usage fees. Rakuten Ichiba's selling point is said to be the extensive support it provides for using that system. So, in addition to the 32,000 yen "RMS introductory manual set", a "store management manual" is provided online to the shops selling goods on Rakuten Ichiba.

【Rakuten Market】 store management manual
http://www.rakuten.co.jp/shops/manual/



The manual is packed with the information and materials needed to run a Rakuten store, and its content is very thorough. It is the essence of Rakuten Ichiba, and each shop on Rakuten Ichiba works hard while consulting this manual.

Most of it is protected by basic authentication, but the ID and password for viewing it are published on Rakuten's various shop support pages.

■ How much personal information can each shop see?

Registering as a store on Rakuten Ichiba makes various systems available, the main one being "R-Backoffice", which manages orders. For Rakuten users who have placed an order through Rakuten Ichiba, it displays the "order number", "orderer's name", "cardholder" and so on. Thank-you e-mails, payment confirmation e-mails and shipping completion e-mails are sent through this "R-Backoffice".


Clicking an order number displayed in "R-Backoffice" lets the shop "modify the order contents", and at that point the personal information of the Rakuten Ichiba user can be viewed.


From here the name, address, phone number, e-mail address and so on can be checked.


However, since personal information leaked from Rakuten in July 2005, this system has been improved, and the e-mail address can no longer be checked from the correction screen.


It is indeed "hidden".


In other words, the e-mail address can no longer pass from Rakuten Ichiba to each shop, which would have been good news. In fact that is not the case: an even more terrible reality was stated in this "store management manual".

■ Rakuten is selling e-mail addresses to shops

According to the "store management manual" there is a "new CSV data download" service, which lets each shop download order information in bulk as a CSV file that can be handled in Excel and similar tools.


This makes it possible to prepare slips and invoices for shippers, build shipping address lists for bulk proxy shipment of gifts, print mailing labels and so on. But the function is charged: 1000 yen for up to 100 cases and, beyond 100 cases, 10 yen per case. In other words, personal information is sold for 10 yen per case.


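A sample of the data that can actually be downloaded is distributed within the "store management manual" at "http://www.rakuten.co.jp/shops/manual/service/backoffice/csvdl/sample.zip", and the file below is identical to the ZIP file distributed in Rakuten's store management manual.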

<Sample.zip>

The contents are "ordinary purchase data.csv", "auction data.csv", "present data.csv", "joint purchase data.csv", "data request data.csv" and "product inquiry data.csv", and they list personal information such as postal code, address, telephone number, nickname, e-mail address, credit card number, credit card holder and credit card expiration date.

However, the "mail address" field is not actually filled in in this CSV file. In other words, e-mail addresses cannot leak through this CSV data download service. But here a terrible reality comes to light.

Q. I want to obtain an e-mail address with the CSV data download service


In other words, a shop with monthly sales over 10 million yen, or with more than 1000 orders per month, can obtain e-mail addresses in bulk through this CSV data download service if it passes a review. It is also written that shops that do not meet the criteria may be accommodated if they consult separately; frankly, it is a mess.

■ The possibility that personal information registered in Rakuten Ichiba flows to the outside is extremely high

Although responsibility for handling personal information ultimately rests with each shop on Rakuten Ichiba, it is undoubtedly Rakuten that sells the personal information to the shops and profits from it. Rakuten itself does not sell personal information and e-mail addresses directly to spammers, but given that personal information such as e-mail addresses has leaked in the past, a mechanism that instead profits further from that information is quite a problem.

Rakuten itself is fully aware of this problem. As evidence, under "Q. I want to obtain an e-mail address with the CSV data download service" it is mandatory to submit the following written pledge.


In addition, according to a tip, the order confirmation e-mail sent automatically to the buyer is also delivered to the store, with Rakuten Ichiba as the sender, the purchaser's address as the destination, and the store's address on the message as well. A shop can therefore obtain customers' e-mail addresses free of charge by collecting them manually from these e-mails, and since software that imports order data from e-mail for order management also exists, compiling them into a list is easy too.

In addition, Rakuten's 2009 briefing materials for investors include a diagram showing how Rakuten uses this large volume of personal information to build a "Rakuten economic zone (ecosystem)" and provide various services. Selling the personal information that supports Rakuten's foundation at 10 yen per case is a questionable stance; I can only think of it as a suicidal act.


According to the same 2009 briefing materials, the number of Rakuten members using Rakuten Ichiba is currently "53.1 million". How many of their personal details and e-mail addresses have leaked out through the "CSV data download service"?


In addition, the number of shops open on Rakuten Ichiba is "27,258". How many of them have actually caused personal information and e-mail addresses to leak to spammers?


At the very least, as long as this "CSV data download service" exists, the possibility of personal information registered in Rakuten Ichiba flowing to the outside is extremely high, and I have to say that it is far from a state in which the service can be used with confidence.

Finally, the sequence of events can be summarized as follows.

In July 2005, personal information including e-mail addresses leaked

E-mail addresses are hidden so that they cannot be seen by shops

Sale to shops of personal information lists including e-mail address, real name, address etc. begins


As soon as Rakuten comments on this matter, I will post a follow-up report.

· Continued
Summary of 10 problems that "Rakuten" has

in Coverage,   Web Service,   Column, Posted by darkhorse