PlusNet goofs on passwords
Print storyHole in forum software
Posted in Telecoms, 7th February 2007 11:51 GMT
ISP PlusNet is warning customers who use its forums that their passwords could, theoretically, have been accessed by a hacker.
The company was warned by a customer that the vulnerability existed and fixed it quickly. But it has still sent an email to several thousand customers who could be affected by the glitch. Several unimpressed PlusNet punters forwarded the mail on to us.
The email reads: "It recently came to our attention that a potential security problem existed on our website discussion forums (http://portal.plus.net/central/forums/). It could have been possible to exploit the forum software, and retrieve an encrypted copy of the password details we hold for your account."
A spokesman for PlusNet said: "Even if this was exploited it would not give access to payment details. Someone could post messages in the forums or change account settings. We have not seen any multiple log-ins or strange behaviour to suggest this has happened."
The spokesman said customers with passwords which are also dictionary words rather than a mixture of words and numbers should change them.
The company has also informed the Information Commissioner of the problem.
More info from Plusnet here. ®
Extended Validation
Control Social Networking Use in Your Business
Gartner Report: US Data Centers - The Calm Before the Storm
The Perfect (Virtual) Marriage
Making Green IT a Reality
Netbooks and Mini-Laptops
Emails show journalist rigged Wikipedia's naked shorts
Yours truly, angry mob