are they going to tell us....
....whose details may have been compromised?
They must be able to tell.
Vodafone has secured the security breach that allowed anyone with a bit of time on their hands to collect subscribers' email addresses and phone numbers. The hole came to light on Wednesday and allowed anyone to enter a phone number and get the corresponding email address, or enter a valid user name to get both the email and …
Actually, the details were exposed *before* any emails got sent.
It said something along the lines of "do you want us to send your password reminder to you@example.com?" There was a button to send the mail, or another to quit.
Just clicking the back button and repeating the process got you people's details without sending them any emails to arouse suspicion.
Not that I used it. At all.
A short while ago I wanted to upgrade my phone, so I logged in to my account on the Vodafone site.
When I followed the "upgrade" link, I was surprised to find that there was a further level of security, requiring a different login. Apparently it's OK for somebody to hack in and see my direct debit details and all the numbers I've called, but they don't want to let them know what I can upgrade my phone to.
In order to activate the super-secret upgrade login I had to provide all sorts of personal details, including date of birth. The attempt failed because, apparently, I don't know my own DOB.