
Cellphone Company doesn't understand Security basics

I had an interesting experience during the volcano disruptions which showed how Phone Companies aren't doing joined-up thinking on Security.

I was stranded without phone access on my BlackBerry. I emailed Virgin Media from my pre-registered e-mail account to ask them to give me international access for my location. Their response was that for my safety & security they couldn't accept a plain e-mail from me. They said I had to log on to the Virgin Media website and log in to my BlackBerry account and e-mail them from therein.

Unfortunately I couldn't recall my password to access my Virgin Media account. So I asked them to e-mail me my Password.

They readily e-mailed me my Password in the clear, so it hadn't been stored hashed.

I then logged on, wasn't forced to do a password re-set, and I re-sent my original e-mail request, citing the same e-mail address. They then gave me the international access I needed so that I could make alternative arrangements with family & colleagues in the UK, as I was going to return to the UK some 7 days behind schedule. In practice it took 4 days to arrange all of the above.

Given their refusal to accept my initial request from my pre-registered e-mail address, but their willingness to send out my password in the clear, rather than force me to do a password re-set, it would suggest they don't have too much joined-up thinking.


Comments: (1)

John Dring - Intel Network Services - Swindon, 22 June, 2010, 12:19

I was about to assume that you were going to make a technical/picky point about security, but yep, it looks pretty dumb. But wait. Sending a password in the clear is pretty standard for such an account (a reminder might have been marginally better [if there was one]). Or if they didn't trust the integrity of the email sender then they could have generated a new password, which wouldn't expose a potential 'friendly' password and would allow you to set it back to one you prefer.

The obvious thing here, I would think, would have been for them to send you a text with the reminder/password!  Some encryption at least, and they are the phone company.

Keith Appleyard

IT Consultant
