BT Openworld security issues
Thursday 15 August 2002 16:23:00 by
has information that is worth passing on to our readers relating to
security and the BT Openworld helpdesk.
The statment appears to be a result of both the recent problems BT Openworld had with a security hole on their order tracking page and helpdesk staff passing on passwords to people who were not
actually the account holder.
The statement says:
Issue: security loophole on order tracking page
BT Openworld would like to thank the reader and ISP Review for bringing this to our attention. Thankfully this is a rare occurrence and we apologise for the error. We have reiterated the great
importance of security to all of our helpdesk agents – and revisited this aspect of their training with them.
Password security is a major priority for BT Openworld, so that customers feel confident using our services. It is not usual practice for our helpdesk to volunteer passwords.
Helpdesk agents validate the identity of a customer before discussing or amending any customer details. When identifying a customer, agents will ask for a password and if this has been forgotten,
the customer’s mother’s maiden name. If the customer has also forgotten this we will ask for their ‘helpdesk phrase’, which was requested from the customer during
registration. In an extreme example where this too has been forgotten, the helpdesk agent will take further action depending on the type of account.
Anytime customers will be called back by a manager who will confirm other details relating to the account.
- Surftime customers must confirm their telephone account number.
- Pay as you Go customers will have to send an original utility bill, bank or credit card statement to the helpdesk where a new password will be dispatched by return post.
BT Openworld Spokesperson