Stories
Slash Boxes
Comments

SoylentNews is people

Vodafone Tells Hacked Customers with "1234" Password to Pay Back Money

posted by chromas on Wednesday September 12 2018, @10:44PM   Printer-friendly
from the Czech-your-password dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

A Czech court recently sentenced two hackers to three years in prison for accessing Vodafone customer's mobile accounts and use them to purchase 600,000 Czech Koruna worth of gambling services. Vodafone reportedly wants the hacked victim's to pay for these charges as they were using an easy password of "1234".

According to reporting from Czech news site idnes.cz, the hackers accessed mobile customer's accounts by using the password 1234. Once they were able to gain access, they ordered new SIM cards that they picked up from various branches. As they knew the phone number and password they were able to pick up the SIM card and install it in their phones without any other verification.

This allowed the attackers to charge over 600,000 Czech Koruna, or approximately 30K USD, for gambling services.

What do you lot think, should there be a blatant stupidity tax?

Source: https://www.bleepingcomputer.com/news/security/vodafone-tells-hacked-customers-with-1234-password-to-pay-back-money/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Vodafone Tells Hacked Customers with "1234" Password to Pay Back Money | Log In/Create an Account | Top | 32 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Wednesday September 12 2018, @10:54PM (3 children)

    by Anonymous Coward on Wednesday September 12 2018, @10:54PM (#733889)

    Do you know everything? Because you are gonna pay that tax otherwise.

  • (Score: 2) by maxwell demon on Thursday September 13 2018, @07:33AM

    by maxwell demon (1608) Subscriber Badge on Thursday September 13 2018, @07:33AM (#734078) Journal

    Stupidity != ignorance.

    --
    The Tao of math: The numbers you can count are not the real numbers.

  • (Score: 2) by fyngyrz on Thursday September 13 2018, @02:26PM (1 child)

    by fyngyrz (6567) on Thursday September 13 2018, @02:26PM (#734247) Journal

    What do you lot think, should there be a blatant stupidity tax?

    Yes. On the company that couldn't be bothered to look at a prospective password and make sure it complies with just a few simple metrics.

    How many times have we seen password systems that require at least one lower case, and one upper case, and one number, and one punctuation, plus a minimum length? What's so bloody hard about that? Or going even further with metrics like "letters must not be sequential or duplicate", etc.?

    Seriously, the problem here is that these operations dumb things down — either because they are dumb, or because they want every freaking IQ-bereft customer to drool their way into their coffers — beyond any reasonable degree.

    Password security matters when the customer's data is involved, as it was in this case. Any idea that it's "too hard" is a hugely bad idea. Any failure to see to it that password security is maintained is stupid, whether intentional or not.