Re: Data Breach Incident
 

Originally Posted by JPAC View Post
'A customer database left unsecured online by Virgin Media contained details linking some customers to pornography and explicit websites'. mmm?

So i ask again where does it say that >

Re: Data Breach Incident
 

Ummm - the first paragraph?

Re: Data Breach Incident
 

Got it, should be interesting :) some maybe worried then

Re: Data Breach Incident
 

Yes, taken from the title of the page and the start of the page in bold copy text.

See how you get on with this one.
https://www.theregister.co.uk/2020/0..._leak_details/

Re: Data Breach Incident
 

From that article.

‘Turgensec urged all Virgin Media customers who received a notice from the broadband provider to file a GDPR request for a full breakdown of what data of theirs was spilled. With 900,000 people affected.’

And,

Virgin Media added it is developing a tool to allow customers to search exactly what of their account information was exposed. ®

Re: Data Breach Incident
 

The information gleamed is no more than you can get from the phone book, apart from emails that people give out freely to just about anybody and anyone.

Re: Data Breach Incident
 

So you can get internet sites that you have visited from the phone book? :shocked:

Re: Data Breach Incident
 

As far as I am aware your browsing history was not at risk, unless you know otherwise?

Re: Data Breach Incident
 

What?

It bloody well is!

Re: Data Breach Incident
 

I agree, VM's password policy is a bit wanting, in fact it seems everything they do in terms of security is wanting. Given this is a breach of GDPR I hope the fine they will eventually get will get them wake up and get their systems in order, there is zero excuse for it and a culture change is needed.

If I did something like this at my place I'd be fired thus take security very seriously. I'm an ex-VM customer (left July 2019) and sent a GDPR request myself about my own data they could still have.

Re: Data Breach Incident
 

No idea what that link is supposed to show, but no, its not - its your responsibility.

Re: Data Breach Incident
 

Virgin's policy in several areas is rather wanting and only limiting users to 10 characters at most and not even allowing punctuation marks is ridiculous in this day in age. So Virgin have an element of responsibility to allow a decent password makeup also but to me it sounds like your blaming the end user entirely on password policy.

It would be good to allow users to set more secure passwords without Virgin being silly and saying no you can't have x or y in a password.

Maybe the GDPR fine they will eventually face will force them to rethink their practices.

Re: Data Breach Incident
 

Nobody's asking them to force ridiculous passwords on people, but it's irresponsible for them to limit your potential password strength as well. The issue isn't that Virgin doesn't mandate a stronger password, it's that you don't even have the option to use one if you want.

This is not true. It also listed what websites people had asked to block and unblock, which is definitely information that could be used to blackmail or scam the customer.

Imagine someone gets a phone call from "tech support" saying they caught a virus from <some porn website that they've definitely been on>. That's not good at all.

Even if it was "just" information you'd get from a phone book, many people are ex-directory for a reason and privacy is a right that Virgin has failed to protect.

Re: Data Breach Incident
 

There was a spate of phishing/scam emails not too long ago where people were receiving blackmail emails, basically "we know you visited greasygrannies.com and will make this public knowledge if you dont pay us £1k in bitcoin".

Whilst it was just a scam and the websites weren't actually visited, imagine those guys actually got hold of this database: they'd know what sites you'd submitted and could make fairly accurate threats and possibly even follow through on them. The original attempt was just a mass spam attempt to hopefully get a small number of fools, but actually being able to target people...

Re: Data Breach Incident
 

GreasyGrannies.com . . it used to be ok, but since I got this new 4K monitor it just doesn't look so good ;)