site Search:


Home Reviews Tools Forums FAQs Find Service ISP News Maps About  
 
   
story category
BT Website Glitch Lets Attacker Add Services
Using Just a Zip Code and Phone Number
by Karl Bode Wednesday 28-Nov-2012 tags: business · security · trouble
UK provider British Telecom is under fire for a website glitch that allows an individual to add services to a user account -- simply by providing a phone number and zip code. The vulnerability, spotted by The Register, was actually initially even worse: users who entered that information were easily able to acquire all the additional information of a primary account holder. British Telecom says they've fixed the latter issue -- but has refused to address the initial problem with their website. "One could easily make a nuisance of oneself ordering extra services for someone and BT would be happy to comply with those requests, it seems," notes the Register reader. "They should ask for the BT account number as well at the very least, since that is not something that people give out."

Forums >

BT Website Glitch Lets Attacker Add Services

view: topics flat text 
Post a:

JigglyWiggly

join:2009-07-12
Pleasanton, CA

er

I thought they did this on purpose and wasn't a glitch?
permalink · 2012-11-28 20:23:47 · Reply to this ·
Forums > BT Website Glitch Lets Attacker Add Services

Wednesday, 19-Jun 09:55:23 Terms of Use & Privacy | feedback | contact | Hosting by nac.net - DSL,Hosting & Co-lo
over 13.5 years online © 1999-2013 dslreports.com.