Feeds

KCOM-owned Eclipse FAILS to cover up the password 'password'

Serves it in plain text to user via webpage

Boost IT visibility and business value

Exclusive A Register reader has exposed another privacy howler at KCOM - this time involving its Exeter-based ISP Eclipse Internet, which displays passwords in plain text to users via a webpage.

Customers who log in to their personal Eclipse user site are somewhat surprisingly shown the password for their account.

Today's tip of the hat from Vulture Central goes to Steve Foster, who got in touch following our story last week about a KC engineer allegedly revealing a spreadsheet containing unencrypted user IDs and passwords. He told El Reg:

I doubt that you'll be surprised that the utter incompetence within Kingston Communications goes further than Hull. At least as far as Exeter, in fact.

I attach a (redacted) screen grab from Eclipse Internet's management tool.

You'll see that they not only keep their passwords in plain text, they obligingly display them to you in full when you log into their website.

And yes, it does allow 'password'.

Anyone else feeling a tad bit insecure?

We asked KCOM to explain the lax security on display over at Eclipse Internet.

A spokeswoman at the company told The Reg:

Customers can view their password within our secure Eclipse customer portal only after they have logged in using their user name and password to authenticate their details. During the login process the password is not visible in plain text.

Which left your baffled correspondent wondering why the password would need to be displayed, if the same password was used to access the site.

We were also curious to know if there was any progress with the apparent KC spreadsheet blunder that El Reg recently uncovered.

But KCOM's spokeswoman told us there was "no update" on that particular story. ®

The essential guide to IT transformation

More from The Register

next story
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
PwC says US biz lagging in Internet of Things
Grass is greener in Asia, say the sensors
Ofcom sees RISE OF THE MACHINE-to-machine cell comms
Study spots 9% growth in IoT m2m mobile data connections
O2 vs Vodafone: Mobe firms grab for GCHQ, gov.uk security badge
No, the spooks love US best, say rival firms
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.