BT Website Glitch Lets Attacker Add Services
Using Just a Zip Code and Phone Number
UK provider British Telecom is under fire for a website glitch that allows an individual to add services to a user account -- simply by providing a phone number and zip code. The vulnerability, spotted by The Register, was initially even worse: users who entered that information could easily obtain all of the primary account holder's additional information. British Telecom says it has fixed the latter issue -- but has refused to address the initial problem with its website. "One could easily make a nuisance of oneself ordering extra services for someone and BT would be happy to comply with those requests, it seems," notes the Register reader. "They should ask for the BT account number as well at the very least, since that is not something that people give out."