- Vodafone denies customer details leaked
- But telco resets all passwords
- Unbelievably slack security, says expert
The mobile phone company has reset all passwords for its web portal, used by employees and dealers.
Details including names, home addresses, driver's licence numbers and credit card details have been available on the web in what has been described as an "unbelievable'' lapse in security, Fairfax newspapers reported.
The report said criminal groups have paid for the private details of some Vodafone customers to blackmail them and other people have obtained logins to check their spouse's communications.
It said the full extent of the privacy breach is unknown, but it is possible that thousands of people have logins that can be passed around and used to gain access to the accounts of about four million Vodafone clients.
A Vodafone spokesman said the company was concerned to hear of the alleged breach.
"Vodafone's customer details are not 'publicly available on the internet','' he said in a statement today.
"Customer information is stored on Vodafone's internal systems and accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password.
"Any unauthorised access to the portal will be taken very seriously, and would constitute a breach of employment or dealer agreement and possibly a criminal offence.''
The company would investigate the allegations and refer the matter to the Australian Federal Police if appropriate, the statement said.
The spokesman added that all passwords had been reset and a review is being undertaken of the training and systems procedures.
Michael Fraser, head of the Australian Communications Law Centre at the University of Technology, Sydney, told Fairfax it seemed to be a major breach of the company's privacy obligations and "unbelievably slack security''.
No comments:
Post a Comment