Submitted via IRC for TheMightyBuzzard
A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customers' mobile accounts and using them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victims to pay for these charges as they were using an easy password of "1234".
According to reporting from Czech news site idnes.cz, the hackers accessed mobile customers' accounts by using the password 1234. Once they were able to gain access, they ordered new SIM cards that they picked up from various branches. As they knew the phone number and password, they were able to pick up the SIM card and install it in their phones without any other verification.
This allowed the attackers to charge over 600,000 Czech Koruna, or approximately 30K USD, for gambling services.
What do you lot think, should there be a blatant stupidity tax?
(Score: 3, Interesting) by Anonymous Coward on Thursday September 13 2018, @12:07AM (2 children)
1-2-3-4 isn't blocked by Vodafone as a combo.
If it's insecure reject it. Otherwise allow it. Either 1234 and 1111 and 0000 and 9876 are allowed, or not. If not, what about digits of pi or e? What about years - anything starting with 19** or 20** or maybe even further back. Pretty soon there aren't many numbers left in that 10,000.
(Score: 5, Informative) by sjames on Thursday September 13 2018, @12:15AM (1 child)
Not only not blocked, according to TFA, they set it as a default on every new account.
(Score: 4, Insightful) by JoeMerchant on Thursday September 13 2018, @03:07AM
So, that should be the "reset your password today" prompt that comes up every day your password is still the default 1234. If they're not actively prompting them to change it, I'd say it's as valid as any other password.
Furthermore, if the password is limited to 4 numerical digits, Vodafone should be held liable anyway. The available code space for passwords should exceed the number of customers, period - preferably by a large factor like the number of customers squared.
🌻🌻 [google.com]
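The deny-list question debated in the comments above, worked through as an added example (not part of the thread, and not Vodafone's code): a PIN policy check that rejects the default, repeated digits, runs and year-like values, then counts how many of the 10,000 four-digit PINs remain. The rule categories and the pi/e entries are assumptions chosen for illustration.

```python
"""Added example: how much of the 4-digit PIN space survives a deny-list."""
from itertools import product

DEFAULT_PIN = "1234"            # default value named in the thread
EXTRA_DENY = {"3141", "2718"}   # constructed entries: leading digits of pi and e


def rejection_reason(pin: str):
    """Return why a PIN is rejected, or None if this policy would accept it."""
    if len(pin) != 4 or not pin.isascii() or not pin.isdigit():
        return "not four digits"
    if pin == DEFAULT_PIN:
        return "provider default"
    if len(set(pin)) == 1:
        return "repeated digit"
    # Differences between neighbouring digits: all +1 or all -1 is a run.
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {-1}):
        return "ascending or descending run"
    if pin[:2] in ("19", "20"):
        return "looks like a year"
    if pin in EXTRA_DENY:
        return "well-known constant"
    return None


def keyspace_report():
    """Walk all 10,000 PINs; return (allowed_count, rejected_count_by_reason)."""
    rejected = {}
    allowed = 0
    for digits in product("0123456789", repeat=4):
        reason = rejection_reason("".join(digits))
        if reason is None:
            allowed += 1
        else:
            rejected[reason] = rejected.get(reason, 0) + 1
    return allowed, rejected


if __name__ == "__main__":
    allowed, rejected = keyspace_report()
    for reason, count in sorted(rejected.items()):
        print(f"{count:5d}  {reason}")
    print(f"{allowed:5d}  allowed of 10000")
```

Under these assumed rules 226 PINs are rejected and 9,774 remain, so the ceiling on the space is still the four-digit length itself.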