Plusnet Suffers Website Security Glitch
By: MarkJ - 07 February, 2007 (9:17 AM)

Thinkbroadband reports that a security flaw in Plusnet's discussion forum software could have allowed certain encrypted passwords to be read. The ISP notes that the exploit was located by a customer, but doesn't appear to have been openly abused:

It recently came to our attention that a potential security problem existed on our website discussion forums. It could have been possible to exploit the forum software, and retrieve an encrypted copy of the password details we hold for your account.

As a user of our forums, we are now emailing you to advise you of this, and of the next steps you should take. Although we have no evidence that a malicious attack has occurred, we can confirm that one of our customers proved this vulnerability, and subsequently contacted us. We would like to publicly thank that individual, and we have had assurances that any data obtained has now been destroyed.

We are now asking all customers in receipt of this email to change their account password as soon as possible, purely as a precaution. This can be done on-line, by going to our member centre website at http://portal.plus.net

This only affects customers who have not used a 'strong' password that is not easy to guess. It's always good practice to make sure you change your password on a regular basis. Take a look at the advice on http://www.plus.net/support/security/index.shtml for more information about how you can improve your online security.

Credits to Plusnet for actually owning up to this since most ISP's would probably prefer to brush such things under the proverbial carpet.


History - [News Archives]


Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved (Terms, Privacy Policy, Links (.), Website Rules).