Parisexposed.com oversight reveals credit card details.
Web users who signed up to a Paris Hilton exposé website may be in trouble after poor web design left their credit card information exposed.
Parisexposed.com was set up by internet entrepreneur Bardia Persa after he bought a container of Hilton's personal possessions at an auction. The container came up for sale after the heiress forgot to pay a US$208 storage bill.
The site claims to include Hilton memorabilia such as videos of her having sex, allegedly snorting cocaine off a man's chest and allegedly making racist and homophobic remarks.
Persa also claims to have more mundane items like childhood photos and prescriptions for herpes medication. Online access is being sold for US$19.97 a month.
But an investigation by The Smoking Gun website said that by changing a few characters on the web page URL it was possible to see the subscriber's name, email address, password, phone number, mailing address and credit card number.
The fault was repaired after the investigators sent a message to the site's owner.
Listed among the 750 subscribers were viewers from 28 countries around the world, including the son of a famous US television news personality.
The website was taken down by a court order in February but was back up in defiance of the ruling after Hilton was jailed for driving offences.