Reply to post: Re: We've asked the Information Commissioner's Office to confirm it is aware of the issue. ®

Plusnet customers peeped others' deets during system upgrade

Anonymous Coward

Re: We've asked the Information Commissioner's Office to confirm it is aware of the issue. ®

We're still just designing these systems incorrectly, shoving everything as rows into the same tables with no thought of restricting data.

I doubt they're still designing any of this - odds on that this is the migration of Plusnet's customer data onto either BT Retail or EE's big fat arse SAP system with the minimum of changes. The core system could be decades old, and maybe that's why the security's crap. But now everybody can try SQL injection attacks against all BT group retail websites, knowing that offset errors aren't properly vetted?


Biting the hand that feeds IT © 1998–2019