dslreports logo
site
spacer

spacer
 
   
spc
story category
BT Website Glitch Lets Attacker Add Services
Using Just a Zip Code and Phone Number
by Karl Bode 06:26PM Wednesday Nov 28 2012
UK provider British Telecom is under fire for a website glitch that allows an individual to add services to a user account -- simply by providing a phone number and zip code. The vulnerability, spotted by The Register, was actually initially even worse: users who entered that information were easily able to acquire all the additional information of a primary account holder. British Telecom says they've fixed the latter issue -- but has refused to address the initial problem with their website. "One could easily make a nuisance of oneself ordering extra services for someone and BT would be happy to comply with those requests, it seems," notes the Register reader. "They should ask for the BT account number as well at the very least, since that is not something that people give out."

view:
topics flat nest 

JigglyWiggly

join:2009-07-12
Pleasanton, CA

er

I thought they did this on purpose and wasn't a glitch?