Demon ebill blunder exposes thousands of passwords

23 Sep 2009
Password

PC Pro exclusive: Demon Internet sends out thousands of email addresses, telephone numbers and other personal details in ebilling blunder

Demon Internet has sent out a spreadsheet containing the personal details of thousands of customers with one of its new ebills.

The spreadsheet - which has been forwarded to PC Pro - contains email addresses, telephone numbers and what appears to be usernames and passwords for the ebilling system.

The spreadsheet was sent to a PC Pro reader who was staggered to discover it attached to an email explaining how to use the new system.

Demon is refusing to disclose how many customers have received the spreadsheet, although it says it's less than a few thousand.

Police forces and NHS trusts are among the email addresses listed in the database

The Excel spreadsheet - which isn't password protected - contains more than 3,600 records. It includes the full name of the customers, email addresses, telephone numbers and names of the customers' businesses. Police forces, NHS trusts and government officials are among the email addresses listed in the database.

The file also includes two unidentified fields which adopt the same format as the username and password for the ebilling system that was sent to the PC Pro reader.

Human error

Demon Internet is blaming "human error" for the security breach. "Customer Information for a limited number of customers who had signed up to Demon’s new paperless billing platform has been circulated as an attachment to an email," a company statement reads.

"To be clear, this information did not contain any financial or payment information (bank details, credit card numbers etc). On discovery, Demon took immediate steps to secure the information/details and security of customers affected."

"We would like to apologise to all concerned but state that this was a limited and isolated case caused by human error and to reassure customers that their security is our key priority."

The PC Pro reader claims the incident is the latest in a series of problems to beset the Demon ebilling system. "Demon's ebilling has been a disaster and continued to be so this morning when relaunched," the reader told us. The company introduced a different ebilling system some months ago, but returned to paper billing following technical difficulties.

Read more

News