back to article Three exposed Brit's privates with sloppy survey code

Hacker Joseph Redfern has reported a privacy flaw at UK telco Three, which exposed names and email addresses in online surveys. The telco shuttered the offending survey site and the exposed API which returned the private information in JSON forms when a user entered data. Refern says the flaw meant any phone number could be …

  1. This post has been deleted by its author

  2. Pascal Monett Silver badge

    I wonder how that went through in the meeting

    Manager : Um, we're going to need some user data on the survey

    Coder : Sure, I can return the IP address, the user name and the account ID

    Manager : The name is good, but we'll be needing the account number as well, and the email address

    Coder : But I can't hash that data securely on the client side

    Manager : no problem, put it in the URL - nobody ever checks that, right ? I never do.

    Coder : But that's not secure . .

    Manager : We need it yesterday, so get cracking. We'll do security in the next version

  3. WonkoTheSane
    Big Brother

    Surveys?

    This is an EXCELLENT reason to decline taking them!

    1. Anonymous Coward
      Anonymous Coward

      Re: Surveys?

      A better method is to use spurious data. Just to fuck up their data mining statistics.

  4. Anonymous Coward
    Unhappy

    Data Protection

    I'm beginning to think that the time has come to treat all such security breaches as if they were deliberate and hit the fuckers with consequently higher penalties.

    Though I suppose that would just mean a slap on both wrists.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like