Home
 » ISP News » 
Sponsored Links

UPDATE ISP PlusNet Criticised for Using Unsecure Broadband Signup Form

Wednesday, Jan 22nd, 2014 (10:35 am) - Score 1,681
plusnet_signup_security

Broadband ISP PlusNet, which is owned by BT, has become the latest Internet provider to face criticism today for lax security after it was revealed that their registration form for new customers doesn’t sit behind a secure web (HTTPS) connection and is instead transmitted without encryption.

In theory this vulnerability, which was spotted by The Register, means that any personal details you enter into the form might, albeit only under the right conditions, be exposed to a hacker. For example, attempting to sign-up while using a public wifi hotspot might not be advisable (i.e. a man-in-the-middle attack could potentially extract your details).

Advertisement

ISPreview.co.uk can confirm that the form (e.g. http://www.plus.net/signup/about-you/), which we just attempted to use ourselves, does indeed appear to exist on an ordinary HTTP instead of HTTPS (Hypertext Transfer Protocol Secure) connection.

However it would take a much more specific hack for the information to actually become accessible and indeed many online website forms still don’t use HTTPS due various issues, although you expect better from big commercial companies. Something as important as a form for signing up with your ISP, where real personal details are a requirement (no fake names etc.), should ideally be more secure.

As a rule you should never sign-up to any service on a network or device that is not controlled by yourself, which minimises the chances of your data being leaked to hackers. In this instance there’s also no evidence that PlusNet’s security (or lack thereof) has actually been breached so existing customers need not panic.

Never the less we have asked PlusNet to explain why they’re not putting such sensitive personal details behind an HTTPS page (most but not all commercial ISPs tend to do this) and are awaiting a reply.

Advertisement

UPDATE 11:37am

A spokesperson for PlusNet has told us that “all Plusnet customer passwords are stored with full encryption. Our customer sign up page is currently unencrypted, and we are in the process of fixing this urgently.”

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
Tags: ,
Mark-Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and .
Search ISP News
Search ISP Listings
Search ISP Reviews

Comments are closed

Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
NOW UK ISP Logo
NOW £24.00
100Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.00
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £26.50 - 27.00
150Mbps
Gift: None
Zen Internet UK ISP Logo
Zen Internet £28.00 - 35.00
100Mbps
Gift: None
Large Availability | View All
New Forum Topics
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
BeFibre UK ISP Logo
BeFibre £19.00
150Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £22.99
150Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
The Top 15 Category Tags
  1. FTTP (5732)
  2. BT (3577)
  3. Politics (2607)
  4. Openreach (2344)
  5. Business (2327)
  6. Building Digital UK (2279)
  7. FTTC (2062)
  8. Mobile Broadband (2048)
  9. Statistics (1833)
  10. 4G (1732)
  11. Virgin Media (1678)
  12. Ofcom Regulation (1501)
  13. Fibre Optic (1428)
  14. Wireless Internet (1420)
  15. FTTH (1383)
Promotion
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact
Mastodon