Posted: 07th Feb, 2007 By: MarkJ
Thinkbroadband reports that a security flaw in Plusnet's discussion forum software could have allowed certain encrypted passwords to be read. The ISP notes that the flaw was found by a customer and doesn't appear to have been openly abused:
It recently came to our attention that a potential security problem existed on our website discussion forums. It could have been possible to exploit the forum software, and retrieve an encrypted copy of the password details we hold for your account.
As a user of our forums, we are now emailing you to advise you of this, and of the next steps you should take. Although we have no evidence that a malicious attack has occurred, we can confirm that one of our customers proved this vulnerability, and subsequently contacted us. We would like to publicly thank that individual, and we have had assurances that any data obtained has now been destroyed.
We are now asking all customers in receipt of this email to change their account password as soon as possible, purely as a precaution. This can be done on-line, by going to our member centre website at http://portal.plus.net
This only affects customers who have not used a 'strong' password that is not easy to guess. It's always good practice to make sure you change your password on a regular basis. Take a look at the advice on http://www.plus.net/support/security/index.shtml for more information about how you can improve your online security.
Credit to Plusnet for actually owning up to this, since most ISPs would probably prefer to brush such things under the proverbial carpet.