Skip to navigation
Latest News

Demon ebill blunder exposes thousands of passwords

Password

By Barry Collins

Posted on 23 Sep 2009 at 09:35

Demon Internet has sent out a spreadsheet containing the personal details of thousands of customers with one of its new ebills.

The spreadsheet - which has been forwarded to PC Pro - contains email addresses, telephone numbers and what appears to be usernames and passwords for the ebilling system.

The spreadsheet was sent to a PC Pro reader who was staggered to discover it attached to an email explaining how to use the new system.

Demon is refusing to disclose how many customers have received the spreadsheet, although it says it's less than a few thousand.

Police forces and NHS trusts are among the email addresses listed in the database

The Excel spreadsheet - which isn't password protected - contains more than 3,600 records. It includes the full name of the customers, email addresses, telephone numbers and names of the customers' businesses. Police forces, NHS trusts and government officials are among the email addresses listed in the database.

The file also includes two unidentified fields which adopt the same format as the username and password for the ebilling system that was sent to the PC Pro reader.

Human error

Demon Internet is blaming "human error" for the security breach. "Customer Information for a limited number of customers who had signed up to Demon’s new paperless billing platform has been circulated as an attachment to an email," a company statement reads.

"To be clear, this information did not contain any financial or payment information (bank details, credit card numbers etc). On discovery, Demon took immediate steps to secure the information/details and security of customers affected."

"We would like to apologise to all concerned but state that this was a limited and isolated case caused by human error and to reassure customers that their security is our key priority."

The PC Pro reader claims the incident is the latest in a series of problems to beset the Demon ebilling system. "Demon's ebilling has been a disaster and continued to be so this morning when relaunched," the reader told us. The company introduced a different ebilling system some months ago, but returned to paper billing following technical difficulties.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

Human error is natural, and I feel truly sorry for whoever pressed the send button.

However, the comment seems to be sweeping the issue under the carpet. Names, email addresses and telephone numbers are still a significant breach of not only security, but also customer trust.

It will be nice to see if Demon customers get an apologetic email (they haven't yet!), or whether it will be hoped that "no-one noticed".

By martinc on 23 Sep 2009

shameful

Human error is understandable, but the fact that Demon seems to have very little internal security seems very disappointing.

A spreadsheet with customers username and password should have been able to be distributed outside of the company system, I find it to be gross incompetence on the part of companies and organisations who have little or no internal document security system to prevent small breaches such as this.

I'll be taking note to stay well clear of Demon in the future.

By saqib_ on 23 Sep 2009

Note to Self

Note to self... Steer clear of Demon.

Hold on, I'm sure I've already got a similar note to self after last time.

By GlasgowGuy on 23 Sep 2009

Typical of Demon these days

Was with Demon >14 years. Left 1 month ago because I could take any more of their declining standards and awful customer service.

Can't say I'm surprised by this latest ebilling disaster. They seem to have made a real mess of this - I'm sure it's almost two years since they first tried to get this off the ground.

Demon need to be hauled over the coals on this and handed a massive fine. I'm far more concerned when my name and address gets handed out than when my credit card number ends up in the wrong hands. I can cancel my credit card - I can't change my name and address so easily. Name and address is all that's needed to carry out id theft. Wake up Demon!

By agavinm on 24 Sep 2009

Have to somewhat agree

'agavunm' you certainly got the customer services bit right!
I called one day to ask if I was upto date on payments. Instead of an answert the lady said that I needed to look at ebilling. The frustration of some literally 3 hours over 2 days to find ebill is just .pdf's of your last 13 months invoices beggars belief.
To now hear that with their new connect data (I got mine)this kind of thing has happened worries me. No one told me the extent of the problem. Probably the 'miscreant' will get promotion!
Michael

By photomanlondon on 24 Sep 2009

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.