Submitted via IRC for TheMightyBuzzard
A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customer's mobile accounts and use them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victim's to pay for these charges as they were using an easy password of "1234".
According to reporting from Czech news site idnes.cz, the hackers accessed mobile customer's accounts by using the password 1234. Once they were able to gain access, they ordered new SIM cards that they picked up from various branches. As they knew the phone number and password they were able to pick up the SIM card and install it in their phones without any other verification.
This allowed the attackers to charge over 600,000 Czech Koruna, or approximately 30K USD, for gambling services.
What do you lot think, should there be a blatant stupidity tax?
(Score: 0) by Anonymous Coward on Thursday September 13 2018, @01:27AM (4 children)
If passwords are important to you, but not to the users, then assign them.
Lusers will write them down; eventually remember them; on any case it will make remote exploits more difficult.
(Score: 2) by sjames on Thursday September 13 2018, @02:35AM (1 child)
(Score: 0) by Anonymous Coward on Thursday September 13 2018, @03:00AM
Their fault then.
(Score: 0) by Anonymous Coward on Thursday September 13 2018, @03:10AM (1 child)
I have had the same 4 digit PIN on my ATM card and bank account for 35+ years now, zero problems.
I have had numerous 16 digit credit card numbers, they seem to average about 18 months between fraudulent uses - different use case, different problems with security. Making the CC# 64 digits wouldn't help, people get access to them and abuse them no matter how complex.
Ergo: the real problem with the 4 digit passwords is that Vodaphone leaked them to the criminals.
(Score: 0) by Anonymous Coward on Thursday September 13 2018, @03:15AM
For clarity: by the act of assigning 1234 as a default to every customer, Vodaphone effectively leaked the fact that a large number of their customers use the passcode 1234. Doesn't matter that "it's hard to put a different code in every account" Vodaphone is in control of the situation and they mismanaged it (i.e. need to work harder to secure their customers' accounts.)