HackersBlog finds BT.com flaw
The hackers who were thanked by the Telegraph earlier this week for finding a flaw have taken a look at BT's site, too.


BT.com is the latest big firm to have its internet security examined by the prolific folks at HackersBlog.
After finding a flaw at the Telegraph's site earlier this week, HackersBlog posted details of how they claimed to access BT.com's database using a blind SQL injection.
The hackers write: "A faulty parameter, improperly sanitized opens the vault to the [precious] databases. One can gain access to such ordinary things as personal data, login data, and the like."
HackersBlog claimed to be able to access login and personal data including names, email addresses and passwords for some users registered with the site.
The hacking site held off publishing the full details of the problem until today in order to let BT fix the flaw. It said the vulnerable pages have now been taken down.
The site added that BT isn't the only big firm with such troubles, promising to show similar problems with other telcos. "Don't rush to conclusions and start pointing fingers before you see the next articles where we will show similar issues with other large telecommunication providers. As we said earlier, we don't take sides, but rather, want to show that the above mentioned vulns [vulnerabilities] can be found almost everywhere."
HackersBlog added: "We would like to thank BT.com for the fair-play and manners they displayed in addressing this issue in the email we got from them. We appreciate and support the mature and to the point attitude they have. It is very important for us."
That said, a spokesperson for BT told IT PRO: "BT has carried out a thorough investigation of this alleged breach. We have found that access was gained to a test database and therefore no customer details were revealed at any time."
"When sites are under test they do not contain live data and are often not included within our secure network until they become operational. BT has developed rigorous, world-leading protection against unauthorised computer access in order to protect customer details and commercial interests," the statement added.
"Where a suspected intrusion has occurred BT will act swiftly to ensure our customer data is not at risk. Our operational systems have not been affected in any way by this attempt to break through our security."
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole is the author of a book about the history of technology, The Long History of the Future.