Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

WARNING: Eircom broadband users. Your personal information may not be secure

  • 05-11-2010 4:16pm
    #1
    Closed Accounts Posts: 7


    Yesterday I noticed that my broadband usage was showing the incorrect stats. On closer examination I noted that the broadband usage meter was actually giving me someone else's stats. I had not attempted to login or out or the usage meter and this simply happened after booting up my laptop


    I contacted broadband support by telephone and the person I spoke to knew very little about how the usage meter worked. I had to provide that information. It's always a bad start when the person who is supposed to be providing support knows less than me.


    The agent also failed to grasp the seriousness of the problem. If I have access to someone else's details then another person may have access to mine and this problem could be widespread. The information provided could be used to gain further information allowing a malicious person to gain very priviliged information about an eircom customer. I explained to the agent that this is a very serious data protection issue and that this places eircom in breach of their obligations under data protection legislation and potentially places all customers at risk.


    Unsurprsingly I got nowhere on this phonecall. I'm posting this here so other users can know of the dangers. Next step will be Comreg or the data protection commissioner to lodge a formal complaint.


    Best Wishes,
    Barry


Comments

  • Registered Users, Registered Users 2 Posts: 1,397 ✭✭✭dillo2k10


    Something like this happened to me with norton 360.
    When I logged into my account my details were not there. Someone elses name, address, phone number, credit card. This happened 7 times. I contacted all of the people who's details I was given and 3 of them told me that all of my details were in their accounts.


  • Closed Accounts Posts: 16,713 ✭✭✭✭jor el


    Krunchie wrote: »
    If I have access to someone else's details then another person may have access to mine and this problem could be widespread. The information provided could be used to gain further information allowing a malicious person to gain very priviliged information about an eircom customer.

    What information is actually available on the eircom stat-meter though?


  • Closed Accounts Posts: 7 Krunchie


    jor el wrote: »
    What information is actually available on the eircom stat-meter though?

    Not much but that information could be used in turn to get sensitive info. I phoned the person whose details I had to let them know. I knew their name, account details, download capacity, how much they'd used etc.

    If I was a malicious person I could have told that user I was from eircom and used the details to back me up and possibly persuaded them to give me further data. I could also have contacted eircom and claimed to be the other person

    Also if eircom aren't keeping this information secure how confident can we be that the rest of our details are being held securely


  • Registered Users, Registered Users 2 Posts: 3,503 ✭✭✭thefinalstage


    Krunchie wrote: »
    Yesterday I noticed that my broadband usage was showing the incorrect stats. On closer examination I noted that the broadband usage meter was actually giving me someone else's stats. I had not attempted to login or out or the usage meter and this simply happened after booting up my laptop


    I contacted broadband support by telephone and the person I spoke to knew very little about how the usage meter worked. I had to provide that information. It's always a bad start when the person who is supposed to be providing support knows less than me.


    The agent also failed to grasp the seriousness of the problem. If I have access to someone else's details then another person may have access to mine and this problem could be widespread. The information provided could be used to gain further information allowing a malicious person to gain very priviliged information about an eircom customer. I explained to the agent that this is a very serious data protection issue and that this places eircom in breach of their obligations under data protection legislation and potentially places all customers at risk.


    Unsurprsingly I got nowhere on this phonecall. I'm posting this here so other users can know of the dangers. Next step will be Comreg or the data protection commissioner to lodge a formal complaint.


    Best Wishes,
    Barry

    Update your usage meter to the latest version and the issue will be resolved.


  • Registered Users, Registered Users 2 Posts: 150 ✭✭fudgez


    Eircom ridiculously insecure. Seriously never go with eircom if you can avoid it. Just ask anyone who's into computers how easy it is to hack an Eircom wireless network.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭jay93


    eircom dont give a toss about security tbh!


  • Closed Accounts Posts: 162 ✭✭totoal


    Have they shut it down?
    Tried to login with app and can't, but can see figures online. :confused:


  • Closed Accounts Posts: 7 Krunchie


    Update your usage meter to the latest version and the issue will be resolved.

    That's not really the point. My personal data and the personal data of others is at risk


  • Closed Accounts Posts: 7 Krunchie


    totoal wrote: »
    Have they shut it down?
    Tried to login with app and can't, but can see figures online. :confused:

    Mine still works. Their attitude on the phone indicated a complete lack of interest despite my best efforts


  • Registered Users, Registered Users 2 Posts: 12 Queen Maeve


    Hi Krunchie,
    I saw your post re eircom, and am now worried - I was just speaking to them about enrolling for their broadband package. I am moving house and have been with Permanet as Eircom BB wasn't available when i moved here. I wanted to have phone, BB all in one package now, best value. Do you still think their service insecure?
    Any other ideas anyone on what to do?
    I'm new to this site and would appreciate any guidance.:rolleyes:


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 9,153 ✭✭✭everdead.ie


    Update your usage meter to the latest version and the issue will be resolved.

    If he updates sure he might not get other peoples information but others could still possibly be getting his and other people could be at risk too


  • Closed Accounts Posts: 16,713 ✭✭✭✭jor el


    Krunchie wrote: »
    Not much but that information could be used in turn to get sensitive info. I phoned the person whose details I had to let them know. I knew their name, account details, download capacity, how much they'd used etc.

    That much? It seems far too much information to be available to a usage tracker. All it needs is a phone or account number, and your stats. They really shouldn't have any more information than that displayed, as it's not necessary, and in this case, a serious security breech.

    First contact eircom to let them know, then contact the Data Protection Office to let them know.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    fudgez wrote: »
    Eircom ridiculously insecure. Seriously never go with eircom if you can avoid it. Just ask anyone who's into computers how easy it is to hack an Eircom wireless network.

    Eircom, nor any ISP for that matter is obligated to setup encryption for your wireless network. Infact, many ISP's don't enable any form of encryption and leave you to configure your own wireless network.

    Granted, Eircom's keys were generated by foolish algorithms - but that's not their responsibility. It is their responsibility to provide you with a connection to the internet, and anything on your LAN is your own responsibility.

    If someone didn't take the time out to configure their network and setup WPA rather than out of the box WEP key - that's their own fault, and nobody elses - not eircom's, not the router manufacturer.


  • Registered Users, Registered Users 2 Posts: 426 ✭✭Baneblade


    Not sure how you could see their name.

    For those that dont have it or not seen it i have attached a screenshot, hitting the log in as different user will show the phone/account number it is currently using


  • Closed Accounts Posts: 59 ✭✭Bruno2010


    Baneblade wrote: »
    Not sure how you could see their name.

    For those that dont have it or not seen it i have attached a screenshot, hitting the log in as different user will show the phone/account number it is currently using

    No name is displayed on usage meter, no account number is displayed on usage meter ... only tel number. no other personal details. upgrading to the latest version (re-installing from www.eircom.net/usagemeter ) will provide the latest version and solve any issues where incorrect tel number is displayed


  • Closed Accounts Posts: 7 Krunchie


    Bruno2010 wrote: »
    No name is displayed on usage meter, no account number is displayed on usage meter ... only tel number. no other personal details. upgrading to the latest version (re-installing from www.eircom.net/usagemeter ) will provide the latest version and solve any issues where incorrect tel number is displayed

    At risk of repeating myself, this is not just a technical problem. The details revealed allowed me to very easily determine name, location etc. I phoned the person whose details I had. A malicious type could have said the following
    "Hello Mr X, I'm calling from eircom. I have a copy of your broadband stats in front of me. I wonder if you could....."

    Regardless this information should be held securely and if this info is not held securely then other sensitive info may be at risk.

    Updating software does not make the issue of data protection go away.


  • Closed Accounts Posts: 7 Krunchie


    Hi Krunchie,
    I saw your post re eircom, and am now worried - I was just speaking to them about enrolling for their broadband package. I am moving house and have been with Permanet as Eircom BB wasn't available when i moved here. I wanted to have phone, BB all in one package now, best value. Do you still think their service insecure?
    Any other ideas anyone on what to do?
    I'm new to this site and would appreciate any guidance.:rolleyes:

    Well I think this issue is a concern and maybe make your sales rep read this thread before you sign up. But if I were about to sign up to eircom I would think twice before doing so after finding out about this. .You should at least ensure you use the maximum password protection on your router and ensure you do not use the default password.

    Other contributors should be able to give you further advice


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Krunchie wrote: »
    At risk of repeating myself, this is not just a technical problem. The details revealed allowed me to very easily determine name, location etc. I phoned the person whose details I had. A malicious type could have said the following
    "Hello Mr X, I'm calling from eircom. I have a copy of your broadband stats in front of me. I wonder if you could....."

    Regardless this information should be held securely and if this info is not held securely then other sensitive info may be at risk.

    Updating software does not make the issue of data protection go away.

    What details did you have as a matter of interest? Anyone can social engineer anyone with no more than a phonebook - so what exact information have you been made privy to?


  • Registered Users, Registered Users 2 Posts: 319 ✭✭java


    Baneblade wrote: »
    Not sure how you could see their name.

    For those that dont have it or not seen it i have attached a screenshot, hitting the log in as different user will show the phone/account number it is currently using

    All I'm seeing is a telephone number here and no other personal details. My understanding from the initial post was someone elses personal details were visible. Am I missing something obvious here?


  • Registered Users, Registered Users 2 Posts: 43 kosie


    Just had a look at my stats on the usage thingie and all I can see is my telephone number and the usage stats.

    If I was a malicious person as you said, I can just as well pick a phone number from the directory and make up some usage stats when phoning that number.

    You are making a huge issue out of nothing, IMHO.:)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 43 kosie


    java wrote: »
    All I'm seeing is a telephone number here and no other personal details. My understanding from the initial post was someone elses personal details were visible. Am I missing something obvious here?

    The original poster were fibbing, I suspect. :rolleyes:


  • Moderators, Regional Midwest Moderators Posts: 11,183 Mod ✭✭✭✭MarkR


    Minor inconvenience, rather then major security breach I think.


  • Closed Accounts Posts: 7 Krunchie


    I'm not going to keep repeating the same info over and over. I never said "serious" security breach. I used the word "serious" only in relation to rules around data protection. Read the title of this thread. Also like I suggested, within a few mins I had personal info about the eircom customer. When I phoned that person and revealed the information I had they were very unhappy with that. Also I had enough info to act maliciously if I were so inclined.

    But if you guys don't see this as an issue, think I'm "fibbing" or whatever that's up to you. I can't persuade you otherwise and I won't waste yours or my time trying.


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    What information exactly did you have. You're either making a big deal of nothing, or there is genuinely crucial information available that Eircom uses should be aware of.

    So what exactly did you have - Name, phone number, address, account number? If it's just a phone number and a name, then anyone with intentions of social engineering could do that through a phone book. Either alert people properly, or stop fear-mongering.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    Krunchie wrote: »
    I'm not going to keep repeating the same info over and over. I never said "serious" security breach. I used the word "serious" only in relation to rules around data protection.

    It sounds like a very serious data protection breach TBH. I take it the breach is only for those who register with eircom for online billing and usage and who are not on NGN yet.

    If you are not registered with eircom for online billing and usage stats there is no breach I take it...


  • Registered Users, Registered Users 2 Posts: 3,503 ✭✭✭thefinalstage


    Sponge Bob wrote: »
    It sounds like a very serious data protection breach TBH. I take it the breach is only for those who register with eircom for online billing and usage and who are not on NGN yet.

    If you are not registered with eircom for online billing and usage stats there is no breach I take it...

    The usage meter only works with people using NGB.


  • Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    If the NGN usage app is the problem them PM me for some emails of senior eircom people and give them a week to fix it ....quietly..

    If they don't then go public which is what i did over the WEP issue 3 or 4 years back ..and they started to ship their routers with WPA thereafter.


  • Closed Accounts Posts: 5,429 ✭✭✭testicle


    Much ado about nothing.

    If you want random phone numbers try www.eircomphonebook.ie


  • Closed Accounts Posts: 59 ✭✭Bruno2010


    Sponge Bob wrote: »
    If the NGN usage app is the problem them PM me for some emails of senior eircom people and give them a week to fix it ....quietly..

    If they don't then go public which is what i did over the WEP issue 3 or 4 years back ..and they started to ship their routers with WPA thereafter.

    Hi,

    Already fixed. New version available on www.eircom.net/usagemeter


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 9,732 ✭✭✭weisses


    Krunchie wrote: »
    I'm not going to keep repeating the same info over and over. I never said "serious" security breach. I used the word "serious" only in relation to rules around data protection. Read the title of this thread. Also like I suggested, within a few mins I had personal info about the eircom customer. When I phoned that person and revealed the information I had they were very unhappy with that. Also I had enough info to act maliciously if I were so inclined.

    But if you guys don't see this as an issue, think I'm "fibbing" or whatever that's up to you. I can't persuade you otherwise and I won't waste yours or my time trying.

    Appreciate the effort but the Irish attitude in general is to pretend nothing is wrong and just look the other way


  • Registered Users, Registered Users 2 Posts: 3,503 ✭✭✭thefinalstage


    Bruno2010 wrote: »
    Hi,

    Already fixed. New version available on www.eircom.net/usagemeter

    I mentioned that earlier. I dunno what they want them to do lol.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    I don't see what the big deal is, there's no information given that isn't in every phone book


  • Moderators, Technology & Internet Moderators, Regional South East Moderators Posts: 28,536 Mod ✭✭✭✭Cabaal


    PogMoThoin wrote: »
    I don't see what the big deal is, there's no information given that isn't in every phone book

    A lot of people don't list their details in the phonebook, does that still make it ok?


  • Closed Accounts Posts: 20,759 ✭✭✭✭dlofnep


    Cabaal wrote: »
    A lot of people don't list their details in the phonebook, does that still make it ok?

    The OP still hasn't said what details were listed.


  • Registered Users, Registered Users 2 Posts: 3,055 ✭✭✭suppafly


    dlofnep wrote: »
    The OP still hasn't said what details were listed.

    yes he has, twice.

    He said that you can see the person contact details, location and their eircom account number.

    He also said you could then use this information in phishing attacks on people to get further information from unsuspecting or naive people by rining them up pretending you were from eircom and said they was some problem and need some more personal or financial info off them and use the details taken from this to back it up.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,829 ✭✭✭Nemeses


    looking at the screen shot posted earlier, it shows your tel number and your usage.
    Is there an acc number there too? can someone else confirm this?


Advertisement