Data Breach Incident

[Sirius]

Quote:

Originally Posted by JPAC

https://www.bbc.co.uk/news/technology-51768577

Originally Posted by JPAC View Post
'A customer database left unsecured online by Virgin Media contained details linking some customers to pornography and explicit websites'. mmm?

So i ask again where does it say that >

[spiderplant]

Quote:

Originally Posted by Sirius

So i ask again where does it say that >

Ummm - the first paragraph?

[Sirius]

Quote:

Originally Posted by spiderplant

Ummm - the first paragraph?

Got it, should be interesting some maybe worried then

[JPAC]

Yes, taken from the title of the page and the start of the page in bold copy text.

See how you get on with this one.
https://www.theregister.co.uk/2020/0..._leak_details/

[iadom]

From that article.

‘Turgensec urged all Virgin Media customers who received a notice from the broadband provider to file a GDPR request for a full breakdown of what data of theirs was spilled. With 900,000 people affected.’

And,

Virgin Media added it is developing a tool to allow customers to search exactly what of their account information was exposed. ®

[Pierre]

Quote:

Originally Posted by SnoopZ

Just got the email, bollocks to Virginmedia not happy.

The information gleamed is no more than you can get from the phone book, apart from emails that people give out freely to just about anybody and anyone.

[Mad Max]

Quote:

Originally Posted by Pierre

The information gleamed is no more than you can get from the phone book, apart from emails that people give out freely to just about anybody and anyone.

So you can get internet sites that you have visited from the phone book?

[Pierre]

Quote:

Originally Posted by Mad Max

So you can get internet sites that you have visited from the phone book?

As far as I am aware your browsing history was not at risk, unless you know otherwise?

[Skie]

Quote:

Originally Posted by Paul

Good, its not their job to force ridiculous passwords on people.

What?

It bloody well is!

[StevenNT]

Quote:

Originally Posted by Skie

What?

It bloody well is!

I agree, VM's password policy is a bit wanting, in fact it seems everything they do in terms of security is wanting. Given this is a breach of GDPR I hope the fine they will eventually get will get them wake up and get their systems in order, there is zero excuse for it and a culture change is needed.

If I did something like this at my place I'd be fired thus take security very seriously. I'm an ex-VM customer (left July 2019) and sent a GDPR request myself about my own data they could still have.

Quote:

Originally Posted by Skie

What?

It bloody well is!

No idea what that link is supposed to show, but no, its not - its your responsibility.

[StevenNT]

Quote:

Originally Posted by Paul

No idea what that link is supposed to show, but no, its not - its your responsibility.

Virgin's policy in several areas is rather wanting and only limiting users to 10 characters at most and not even allowing punctuation marks is ridiculous in this day in age. So Virgin have an element of responsibility to allow a decent password makeup also but to me it sounds like your blaming the end user entirely on password policy.

It would be good to allow users to set more secure passwords without Virgin being silly and saying no you can't have x or y in a password.

Maybe the GDPR fine they will eventually face will force them to rethink their practices.

[Kushan]

Quote:

Originally Posted by Paul

Good, its not their job to force ridiculous passwords on people.

Nobody's asking them to force ridiculous passwords on people, but it's irresponsible for them to limit your potential password strength as well. The issue isn't that Virgin doesn't mandate a stronger password, it's that you don't even have the option to use one if you want.

Quote:

Originally Posted by Pierre

The information gleamed is no more than you can get from the phone book, apart from emails that people give out freely to just about anybody and anyone.

This is not true. It also listed what websites people had asked to block and unblock, which is definitely information that could be used to blackmail or scam the customer.

Imagine someone gets a phone call from "tech support" saying they caught a virus from <some porn website that they've definitely been on>. That's not good at all.

Even if it was "just" information you'd get from a phone book, many people are ex-directory for a reason and privacy is a right that Virgin has failed to protect.

[Skie]

There was a spate of phishing/scam emails not too long ago where people were receiving blackmail emails, basically "we know you visited greasygrannies.com and will make this public knowledge if you dont pay us £1k in bitcoin".

Whilst it was just a scam and the websites weren't actually visited, imagine those guys actually got hold of this database: they'd know what sites you'd submitted and could make fairly accurate threats and possibly even follow through on them. The original attempt was just a mass spam attempt to hopefully get a small number of fools, but actually being able to target people...

[Carth]

GreasyGrannies.com . . it used to be ok, but since I got this new 4K monitor it just doesn't look so good