A security flaw allowing anyone armed with your phone number and correct UK postcode to add services to your BT account has been spotted by The Register. The site showed how easy it was to add additional phone packages to a user's account, but from our testing things may be even worse than initially thought. Using a friend's postal code and phone number — details that are often discoverable through directory enquiries — we were able to add BT Vision, the company's pay TV service, at a one-off cost of £49.00 (added directly to the customer's monthly bill) and an additional monthly fee of £12.50 to his account. Worse still, we used a throwaway email address to order the additional services, meaning he wasn't notified of his apparent...
via The Verge - All Posts http://www.theverge.com/2012/11/27/3696466/bt-website-insecure-premium-services-order-fraud-bt-vision