Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Password Control Highlighted In Australian Vodafone Privacy Alert

Lieberman Software : 12 January, 2011  (Technical Article)
Lieberman Software comments on the Privacy Commissionerís involvement in Vodafone Australia after significant data breach in the country
Reports that Vodafone’s Australian operation is in the firing line of the country's Privacy Commissioner, following the apparent placing of billing and call records of millions of its customers on a Web site whose password is only changed on a monthly basis, have been met with alarm by Lieberman Software.

 

According to the identity management specialist, the saga is a classic situation of what can happen when too many people have access to high level account credentials and corresponding sensitive information.

 

"The newswires are already reporting that at least one class action-style lawsuit is being prepared, and there will undoubtedly be others," said Philip Lieberman, Lieberman Software's president, adding that “it appears that someone within Vodafone Australia shared a password with an unauthorized individual.”

 

“It is telling that Vodafone Australia's chief exec has told the media the carrier is now resetting its passwords every 24 hours, since the monthly changes are clearly what caused the widely reported security problem for the carrier. ”

 

The fact that the carrier only became aware of the security problem when it was tipped off by a newspaper reporter on Saturday shows the potential of what can happen when you fail to secure privileged account credentials, explained Lieberman, noting that the problem appears to have been contained largely because of a tipoff by the reporter concerned.

 

Lieberman said: "The saga is now under active investigation by Vodafone and the fact that the Australian Privacy Commissioner is also involved, means that the situation will hopefully be contained and fully disclosed. In the longer term there may be the issue of a regulatory fine to deal with, and there has definitely been some brand damage here. There may even be lawsuits. This really is a classic case of what can happen when a company's data security methods - or rather, an alleged lack of them - are revealed in public," he added.

 

“The biggest threat to organisations,” Lieberman said, “is the lack of automated management of sensitive accounts/passwords (called privileged accounts). The persistent use of shared accounts using simple passwords and being manually managed will lead to more examples of this type of disaster.  Many government and financial organisations have already upgraded their environments to use automated solutions, but it appears that only a major embarrassment and customer anger will prod companies like Vodafone to adopt an automated solution.”
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   ¬© 2012 ProSecurityZone.com
Netgains Logo