Demon ebill blunder exposes thousands of passwords
Posted on 23 Sep 2009 at 09:35
Demon Internet has sent out a spreadsheet containing the personal details of thousands of customers with one of its new ebills.
The spreadsheet - which has been forwarded to PC Pro - contains email addresses, telephone numbers and what appear to be usernames and passwords for the ebilling system.
The spreadsheet was sent to a PC Pro reader who was staggered to discover it attached to an email explaining how to use the new system.
Demon is refusing to disclose how many customers have received the spreadsheet, although it says it's fewer than a few thousand.
The Excel spreadsheet - which isn't password protected - contains more than 3,600 records. It includes the full name of the customers, email addresses, telephone numbers and names of the customers' businesses. Police forces, NHS trusts and government officials are among the email addresses listed in the database.
The file also includes two unidentified fields which adopt the same format as the username and password for the ebilling system that was sent to the PC Pro reader.
Human error
Demon Internet is blaming "human error" for the security breach. "Customer Information for a limited number of customers who had signed up to Demon’s new paperless billing platform has been circulated as an attachment to an email," a company statement reads.
"To be clear, this information did not contain any financial or payment information (bank details, credit card numbers etc). On discovery, Demon took immediate steps to secure the information/details and security of customers affected."
"We would like to apologise to all concerned but state that this was a limited and isolated case caused by human error and to reassure customers that their security is our key priority."
The PC Pro reader claims the incident is the latest in a series of problems to beset the Demon ebilling system. "Demon's ebilling has been a disaster and continued to be so this morning when relaunched," the reader told us. The company introduced a different ebilling system some months ago, but returned to paper billing following technical difficulties.
Author: Barry Collins
Human error is natural, and I feel truly sorry for whoever pressed the send button.
However, the comment seems to be sweeping the issue under the carpet. Names, email addresses and telephone numbers are still a significant breach of not only security, but also customer trust.
It will be nice to see if Demon customers get an apologetic email (they haven't yet!), or whether it will be hoped that "no-one noticed".
By martinc on 23 Sep 2009 
shameful
Human error is understandable, but the fact that Demon seems to have very little internal security seems very disappointing.
A spreadsheet with customers' username and password should have been able to be distributed outside of the company system, I find it to be gross incompetence on the part of companies and organisations who have little or no internal document security system to prevent small breaches such as this.
I'll be taking note to stay well clear of Demon in the future.
By saqib_ on 23 Sep 2009 
Note to Self
Note to self... Steer clear of Demon.
Hold on, I'm sure I've already got a similar note to self after last time.
By GlasgowGuy on 23 Sep 2009 
Typical of Demon these days
Was with Demon >14 years. Left 1 month ago because I could take any more of their declining standards and awful customer service.
Can't say I'm surprised by this latest ebilling disaster. They seem to have made a real mess of this - I'm sure it's almost two years since they first tried to get this off the ground.
Demon need to be hauled over the coals on this and handed a massive fine. I'm far more concerned when my name and address gets handed out than when my credit card number ends up in the wrong hands. I can cancel my credit card - I can't change my name and address so easily. Name and address is all that's needed to carry out id theft. Wake up Demon!
By agavinm on 24 Sep 2009 
Have to somewhat agree
'agavunm' you certainly got the customer services bit right!
I called one day to ask if I was up to date on payments. Instead of an answer the lady said that I needed to look at ebilling. The frustration of some literally 3 hours over 2 days to find ebill is just .pdf's of your last 13 months invoices beggars belief.
To now hear that with their new connect data (I got mine) this kind of thing has happened worries me. No one told me the extent of the problem. Probably the 'miscreant' will get promotion!
Michael
By photomanlondon on 24 Sep 2009 
Printed from www.pcpro.co.uk


