Feeds

KCOM-owned Eclipse FAILS to cover up the password 'password'

Serves it in plain text to user via webpage

5 things you didn’t know about cloud backup

Exclusive A Register reader has exposed another privacy howler at KCOM - this time involving its Exeter-based ISP Eclipse Internet, which displays passwords in plain text to users via a webpage.

Customers who log in to their personal Eclipse user site are somewhat surprisingly shown the password for their account.

Today's tip of the hat from Vulture Central goes to Steve Foster, who got in touch following our story last week about a KC engineer allegedly revealing a spreadsheet containing unencrypted user IDs and passwords. He told El Reg:

I doubt that you'll be surprised that the utter incompetence within Kingston Communications goes further than Hull. At least as far as Exeter, in fact.

I attach a (redacted) screen grab from Eclipse Internet's management tool.

You'll see that they not only keep their passwords in plain text, they obligingly display them to you in full when you log into their website.

And yes, it does allow 'password'.

Anyone else feeling a tad bit insecure?

We asked KCOM to explain the lax security on display over at Eclipse Internet.

A spokeswoman at the company told The Reg:

Customers can view their password within our secure Eclipse customer portal only after they have logged in using their user name and password to authenticate their details. During the login process the password is not visible in plain text.

Which left your baffled correspondent wondering why the password would need to be displayed, if the same password was used to access the site.

We were also curious to know if there was any progress with the apparent KC spreadsheet blunder that El Reg recently uncovered.

But KCOM's spokeswoman told us there was "no update" on that particular story. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday
Customer: 'Please change your name to occasionally somewhere'
EE plonks 4G in UK Prime Minister's backyard
OK, his constituency. Brace yourself for EXTRA #selfies
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.