Vodafone blames customers for the weak password and the hack
Two hackers who used Vodafone customer accounts to make fraudulent mobile payments are already in prison in the Czech Republic.
According to the Czech press, hackers gained access to other people's accounts who were using simple passwords. Due to this fact, hackers easily activated SIM-cards and used them to send paid SMS to gambling services.
The total damage amounted to about $30 thousand dollars. One of the attackers got two years in prison, the other three.
Meanwhile, Vodafone believes that customers who have used weak passwords such as 1234 or QWERTY should compensate for the damage.
The victims claimed that they did not know anything about passwords and the online store selling Vodafone services. According to them, the Vodafone employees set a password after their purchase in the shop.
"On the one hand, Vodafone's position in something can be understood: if the users themselves do not want to take care of their security even at the most basic level, then they need to deal with the consequences," says Oleg Galushkin, Director of information security at SEC Consult Services. - On the other hand, it's fault of Vodafone. The weak protection of the portal My Vodafone can be the cause of the incident."
According to the Czech press, hackers gained access to other people's accounts who were using simple passwords. Due to this fact, hackers easily activated SIM-cards and used them to send paid SMS to gambling services.
The total damage amounted to about $30 thousand dollars. One of the attackers got two years in prison, the other three.
Meanwhile, Vodafone believes that customers who have used weak passwords such as 1234 or QWERTY should compensate for the damage.
The victims claimed that they did not know anything about passwords and the online store selling Vodafone services. According to them, the Vodafone employees set a password after their purchase in the shop.
"On the one hand, Vodafone's position in something can be understood: if the users themselves do not want to take care of their security even at the most basic level, then they need to deal with the consequences," says Oleg Galushkin, Director of information security at SEC Consult Services. - On the other hand, it's fault of Vodafone. The weak protection of the portal My Vodafone can be the cause of the incident."
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/2oS5Aau