back to article Vodafone secures email-flashing barn door

Vodafone has secured the security breach that allowed anyone with a bit of time on their hands to collect subscribers' email addresses and phone numbers. The hole came to light on Wednesday and allowed anyone to enter a phone number and get the corresponding email address, or enter a valid user name to get both the email and …

COMMENTS

This topic is closed for new posts.
Stop

are they going to tell us....

....whose details may have been compromised?

They must be able to tell.

1
0
Silver badge
Boffin

Did you get an unexpected email?

If so, then your details were compromised.

its not rocket science

0
0
Anonymous Coward

Publish a list

Maybe they will publish a list of everyone who has been compromised. Obviously, the list will include the name on the account plus the associated telephone number and email address.

0
0
Pirate

Re: It's not rocket science

Actually, the details were exposed *before* any emails got sent.

It said something along the lines of "do you want us to send your password reminder to you@example.com?" There was a button to send the mail, or another to quit.

Just clicking the back button and repeating the process got you people's details without sending them any emails to arouse suspicion.

Not that I used it. At all.

0
1

not rocket science...

it's not rocket science no. but it is a little more complicated than that.

0
0

there's no need to hide it all!

Why not just show, for example," joe.bl****@**********"? Sure, someone could still guess the rest of it ,but chances are they would guess wrong and then it's just back to spamming random email addresses.

0
0
Silver badge
FAIL

Useless Vodafone

A short while ago I wanted to upgrade my phone, so I logged in to my account on the Vodafone site.

When I followed the "upgrade" link, I was surprised to find that there was a further level of security, requiring a different login. Apparently it's OK for somebody to hack in and see my direct debit details and all the numbers I've called, but they don't want to let them know what I can upgrade my phone to.

In order to activate the super-secret upgrade login I had to provide all sorts of personal details, including date of birth. The attempt failed because, apparently, I don't know my own DOB.

0
0

Think it was Vodaphone. Bloke here in Aus...

...started getting voice mails and texts intended for others. And not just one account's worth, but dozens'. He was getting invites to come and discus medical problems, car problems, anything and everthing.

0
0
This topic is closed for new posts.

Forums