31-10-2013 14:27 - edited 31-10-2013 14:30
31-10-2013 14:27 - edited 31-10-2013 14:30
I was watching the BBC News today and they have been listening to a tape in a court case describing how a private investigator was able to phone O2 with a false name but the correct password (no idea how he got that) in order to succesfully get the pin to someone's voicemail reset to the default, so they could then play back and listen to their messages.
It's a pity they were allowed to continue without having the account holder's correct name, but I gather the thief had a very good line of chat.
I agree this is a difficult area and how they obtained the account password is unknown.
It goes to show that we really cannot be too careful with how we store our passwords and who might be able to gain access to them.
I use a password manager to store all mine under a master password that only I know.
There are quite a few apps and programs out there that can take care of this and I use LastPass on my pc and Colornote on my phone which seem to do the job well enough.
on 31-10-2013 15:34
Given that account passwords for contracts are typically something like mother's maiden name then with a bit of investigation or social engineering they can be guessed.
That doesn't excuse O2 for allowing the PI to reset the PIN on the voicemail of course but similar to the hacking of Mat Honan's iTunes, Amazon, and Twitter accounts, if procedures aren't in place or followed correctly anyone is vulnerable.
I use Keepass personally across all my devices for password storage.
on 31-10-2013 16:12
You would hope that O2 would send out via text a random PIN to the phone number on the account to prove that the person ringing up actually had the phone & was the account holder.
I'd rather O2 introduce this practice accross the board for ANY dealing's with account enquires, change of address, upgrade's, voicemail pin reset etc.
01-11-2013 12:33 - edited 01-11-2013 13:20
on 01-11-2013 12:44
on 01-11-2013 12:44
Taken to court? For what exactly?
Sending out a pin is ok provided the phone it's being sent to hasn't been stolen and the request made by the thief!
on 01-11-2013 12:49
on 01-11-2013 13:46
on 01-11-2013 13:46
Not going to happen as they have done nothing wrong, you don't nick the shopkeeper when his shop is broken into.
on 01-11-2013 14:33
01-11-2013 15:00 - edited 01-11-2013 15:01
01-11-2013 15:00 - edited 01-11-2013 15:01
@Anonymous wrote:
the protection of our personal data is extremely important and company's not complying with this should be brought to account more often in my opinion.
If you think the security isn't up to the job, then make a complaint to the ICO and let us know what they have to say on the matter.
The number of security breaches reported here are tiny and no worse than any other major UK company, when you consider they hold the account details for 23 million customers, so it would appear they have it fairly well organised.
on 01-11-2013 15:07
on 01-11-2013 15:07