PlusNet goofs on passwords
Hole in forum software
ISP PlusNet is warning customers who use its forums that their passwords could, theoretically, have been accessed by a hacker.
The company was warned by a customer that the vulnerability existed and fixed it quickly. But it has still sent an email to several thousand customers who could be affected by the glitch. Several unimpressed PlusNet punters forwarded the mail on to us.
The email reads: "It recently came to our attention that a potential security problem existed on our website discussion forums (http://portal.plus.net/central/forums/). It could have been possible to exploit the forum software, and retrieve an encrypted copy of the password details we hold for your account."
A spokesman for PlusNet said: "Even if this was exploited it would not give access to payment details. Someone could post messages in the forums or change account settings. We have not seen any multiple log-ins or strange behaviour to suggest this has happened."
The spokesman said customers with passwords which are also dictionary words rather than a mixture of words and numbers should change them.
The company has also informed the Information Commissioner of the problem.
More info from Plusnet here. ®
Sponsored: Customer Identity and Access Management