Home
 » ISP News » 
Sponsored

UPDATE ISP PlusNet Criticised for Using Unsecure Broadband Signup Form

Wednesday, January 22nd, 2014 (10:35 am) - Score 1,646
plusnet_signup_security

Broadband ISP PlusNet, which is owned by BT, has become the latest Internet provider to face criticism today for lax security after it was revealed that their registration form for new customers doesn’t sit behind a secure web (HTTPS) connection and is instead transmitted without encryption.

In theory this vulnerability, which was spotted by The Register, means that any personal details you enter into the form might, albeit only under the right conditions, be exposed to a hacker. For example, attempting to sign-up while using a public wifi hotspot might not be advisable (i.e. a man-in-the-middle attack could potentially extract your details).

ISPreview.co.uk can confirm that the form (e.g. http://www.plus.net/signup/about-you/), which we just attempted to use ourselves, does indeed appear to exist on an ordinary HTTP instead of HTTPS (Hypertext Transfer Protocol Secure) connection.

However it would take a much more specific hack for the information to actually become accessible and indeed many online website forms still don’t use HTTPS due various issues, although you expect better from big commercial companies. Something as important as a form for signing up with your ISP, where real personal details are a requirement (no fake names etc.), should ideally be more secure.

As a rule you should never sign-up to any service on a network or device that is not controlled by yourself, which minimises the chances of your data being leaked to hackers. In this instance there’s also no evidence that PlusNet’s security (or lack thereof) has actually been breached so existing customers need not panic.

Never the less we have asked PlusNet to explain why they’re not putting such sensitive personal details behind an HTTPS page (most but not all commercial ISPs tend to do this) and are awaiting a reply.

UPDATE 11:37am

A spokesperson for PlusNet has told us that “all Plusnet customer passwords are stored with full encryption. Our customer sign up page is currently unencrypted, and we are in the process of fixing this urgently.”

Leave a Comment
2 Responses
  1. Avatar dragon2611

    The account password is also the one you use to connect, which means it’s stored on the Router and we all know how secure home routers aren’t.

    I think PPP auth is also chap/md5 but I may be wrong on that count.

    Highly recommend using a unique password for Plusnet

  2. Avatar adslmax

    Full encryption probably means base64. 😉

    Very poor.

Comments RSS Feed

Javascript must be enabled to post (most browsers do this automatically)

Privacy Notice: Please note that news comments are anonymous, which means that we do NOT require you to enter any real personal details to post a message. By clicking to submit a post you agree to storing your comment content, display name, IP, email and / or website details in our database, for as long as the post remains live.

Only the submitted name and comment will be displayed in public, while the rest will be kept private (we will never share this outside of ISPreview, regardless of whether the data is real or fake). This comment system uses submitted IP, email and website address data to spot abuse and spammers. All data is transferred via an encrypted (https secure) session.

NOTE 1: Sometimes your comment might not appear immediately due to site cache (this is cleared every few hours) or it may be caught by automated moderation / anti-spam.

NOTE 2: Comments that break our rules, spam, troll or post via known fake IP/proxy servers may be blocked or removed.
Cheapest Superfast ISPs
  • Hyperoptic £19.95 (*22.00)
    Avg. Speed 50Mbps, Unlimited
    Gift: Promo Code: HYPER20
  • SSE £22.00
    Avg. Speed 35Mbps, Unlimited
    Gift: None
  • xln telecom £22.74 (*47.94)
    Avg. Speed 66Mbps, Unlimited
    Gift: None
  • TalkTalk £22.95 (*29.95)
    Avg. Speed 38Mbps, Unlimited
    Gift: None
  • Plusnet £22.99 (*35.98)
    Avg. Speed 36Mbps, Unlimited
    Gift: £75 Reward Card
Prices inc. Line Rental | View All
The Top 20 Category Tags
  1. BT (2738)
  2. FTTP (2659)
  3. FTTC (1765)
  4. Building Digital UK (1720)
  5. Politics (1628)
  6. Openreach (1587)
  7. Business (1402)
  8. FTTH (1329)
  9. Statistics (1219)
  10. Mobile Broadband (1194)
  11. Fibre Optic (1047)
  12. 4G (1025)
  13. Wireless Internet (1009)
  14. Ofcom Regulation (1003)
  15. Virgin Media (989)
  16. EE (678)
  17. Sky Broadband (661)
  18. TalkTalk (651)
  19. Vodafone (650)
  20. 5G (486)
Promotion
Helpful ISP Guides and Tips
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
»
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact