HackersBlog finds BT.com flaw
The hackers which were thanked by the Telegraph earlier this week for finding a flaw have taken a look at BT's site, too.
The hackers write: "A faulty parameter, improperly sanitized opens the vault to the [precious] databases. One can gain access to such ordinary things as personal data, login data, and the like."
HackersBlog claimed to be able to access login and personal data including names, email addresses and passwords for some users registered with the site.
The hacking site held off publishing the full details of the problem until today in order to let BT fix the flaw. It said the vulnerable pages have now been taken down.
The site added that BT isn't the only big firm with such troubles, promising to show similar problems with other telcos. "Don't rush to conclusions and start pointing fingers before you see the next articles where we will show similar issues with other large telecommunication providers. As we said earlier, we don't take sides, but rather, want to show that the above mentioned vulns [vulnerabilities] can be found almost everywhere."
HackersBlog added: "We would like to thank BT.com for the fair-play and manners they displayed in addressing this issue in the email we got from them.We appreciate and support the mature and to the point attitude they have. It is very important for us."
That said, a spokesperson for BT told IT PRO: "BT has carried out a thorough investigation of this alleged breach. We have found that access was gained to a test database and therefore no customer details were revealed at any time."
"When sites are under test they do not contain live data and are often not included within our secure network until they become operational. BT has developed rigorous, world-leading protection against unauthorised computer access in order to protect customer details and commercial interests," the statement added.
"Where a suspected intrusion has occurred BT will act swiftly to ensure our customer data is not at risk. Our operational systems have not been affected in any way by this attempt to break through our security."
The definitive guide to warehouse efficiency
Get your free guide to creating efficiencies in the warehouseFree download
The total economic impact™ of Datto
Cost savings and business benefits of using Datto Integrated SolutionsDownload now
Three-step guide to modern customer experience
Support the critical role CX plays in your businessFree download
The global state of the channelDownload now