Virgin Media, one of the UK’s largest internet and TV cable providers, has admitted that it left a database containing the unencrypted details of more than 900,000 UK residents – including existing and potential customers – freely accessible to anybody on the internet, with no password required.
Security researchers at TurgenSec informed Virgin Media of the security breach late last week, and noted that sensitive information exposed in the database included – but was not limited to – the following:
Full names, addresses, dates of birth, phone numbers, and IP addresses
Requests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses.
IMEI numbers associated with stolen phones.
Subscriptions to different aspects of Virgin Media services, including premium components.
Those affected included customers with Virgin cable television and telephone accounts, as well as those whose data has been collected as potential future customers.
Fortunately, no passwords and payment details were not exposed in the data breach. And yet, there are clear opportunities for fraudsters to use such details (perhaps via a phone call) to trick Virgin Media’s existing and potential customers into sharing more information about themselves.
The database is thought to have been accessible since at least 19 April 2019, but was quickly taken down by Virgin Media following the researchers’ outreach.
However, as an evidently annoyed TurgenSec described on its website, Virgin Media failed to acknowledge the researchers’ assistance:
We did not seek any remuneration as a result of responsibly disclosing their ..
Support the originator by clicking the read the rest link below.
