HackersBlog finds BT.com flaw

The hackers who were thanked by the Telegraph earlier this week for finding a flaw have taken a look at BT's site, too.

BT.com is the latest big firm to have its internet security examined by the prolific folks at HackersBlog.

After finding a flaw at the Telegraph's site earlier this week, HackersBlog posted details of how they claimed to access BT.com's database using a blind SQL injection.

The hackers write: "A faulty parameter, improperly sanitized, opens the vault to the [precious] databases. One can gain access to such ordinary things as personal data, login data, and the like."

HackersBlog claimed to be able to access login and personal data including names, email addresses and passwords for some users registered with the site.

The hacking site held off publishing the full details of the problem until today in order to let BT fix the flaw. It said the vulnerable pages have now been taken down.

The site added that BT isn't the only big firm with such troubles, promising to show similar problems with other telcos. "Don't rush to conclusions and start pointing fingers before you see the next articles where we will show similar issues with other large telecommunication providers. As we said earlier, we don't take sides, but rather, want to show that the above mentioned vulns [vulnerabilities] can be found almost everywhere."

HackersBlog added: "We would like to thank BT.com for the fair-play and manners they displayed in addressing this issue in the email we got from them. We appreciate and support the mature and to the point attitude they have. It is very important for us."

That said, a spokesperson for BT told IT PRO: "BT has carried out a thorough investigation of this alleged breach. We have found that access was gained to a test database and therefore no customer details were revealed at any time."

"When sites are under test they do not contain live data and are often not included within our secure network until they become operational. BT has developed rigorous, world-leading protection against unauthorised computer access in order to protect customer details and commercial interests," the statement added.

"Where a suspected intrusion has occurred BT will act swiftly to ensure our customer data is not at risk. Our operational systems have not been affected in any way by this attempt to break through our security."
