
SoylentNews is people

posted by chromas on Wednesday September 12 2018, @10:44PM
from the Czech-your-password dept.

Submitted via IRC for TheMightyBuzzard

A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customers' mobile accounts and using them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victims to pay for these charges as they were using an easy password of "1234".

According to reporting from Czech news site idnes.cz, the hackers accessed mobile customers' accounts by using the password 1234. Once they were able to gain access, they ordered new SIM cards that they picked up from various branches. As they knew the phone number and password, they were able to pick up the SIM card and install it in their phones without any other verification.

This allowed the attackers to charge over 600,000 Czech Koruna, or approximately 30K USD, for gambling services.

What do you lot think, should there be a blatant stupidity tax?

Source: https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/


  • (Score: 0) by Anonymous Coward on Thursday September 13 2018, @01:27AM (4 children)

    by Anonymous Coward on Thursday September 13 2018, @01:27AM (#733946)

    If passwords are important to you, but not to the users, then assign them.
    Lusers will write them down; eventually remember them; in any case it will make remote exploits more difficult.

  • (Score: 2) by sjames on Thursday September 13 2018, @02:35AM (1 child)

    by sjames (2882) on Thursday September 13 2018, @02:35AM (#733967) Journal
    Vodafone "sort of" took your advice. They assigned the password '1234' according to TFA.
    • (Score: 0) by Anonymous Coward on Thursday September 13 2018, @03:00AM

      by Anonymous Coward on Thursday September 13 2018, @03:00AM (#733981)

      Their fault then.

  • (Score: 0) by Anonymous Coward on Thursday September 13 2018, @03:10AM (1 child)

    by Anonymous Coward on Thursday September 13 2018, @03:10AM (#733987)

    I have had the same 4 digit PIN on my ATM card and bank account for 35+ years now, zero problems.

    I have had numerous 16 digit credit card numbers, they seem to average about 18 months between fraudulent uses - different use case, different problems with security. Making the CC# 64 digits wouldn't help, people get access to them and abuse them no matter how complex.

    Ergo: the real problem with the 4 digit passwords is that Vodafone leaked them to the criminals.

    • (Score: 0) by Anonymous Coward on Thursday September 13 2018, @03:15AM

      by Anonymous Coward on Thursday September 13 2018, @03:15AM (#733990)

      For clarity: by the act of assigning 1234 as a default to every customer, Vodafone effectively leaked the fact that a large number of their customers use the passcode 1234. Doesn't matter that "it's hard to put a different code in every account"; Vodafone is in control of the situation and they mismanaged it (i.e. need to work harder to secure their customers' accounts).