p2pnet - rss feed: ISP reveals passwords
p2pnet.net News:- Almost 400,000 customers of Swedish broadband supplier Bredbandsbolaget have been told to change their internet passwords because it revealed them during a snail-mail campaign.
“Bredbandsbolaget, which is a subsidiary of Norway’s Telenor, wanted to persuade its customers to download free music, and sent advertising material to 380,000 customers in an open letter,” says The Local, adding:
“Customers who, for the sake of convenience, use the same password elsewhere - which is likely to be the majority - are being advised to change all such passwords.”
Also See:
The Local - 380,000 passwords released in ad blunder, September 6, 2006
p2pnet newsfeeds for your site.
rss feed: http://p2pnet.net/p2p.rss
Mobile - http://p2pnet.net/index-wml.php
September 7th, 2006 at 7:03 pm
If my ISP ever does that to me, I’ll find another…FAST!
September 8th, 2006 at 7:43 am
The big question: Why does the ISP have the password at all?
They shouldn’t store the passwords themselves, but rather one way hashes* of the password. When the user attempts to log in, their supplied password is then hashed and compared with the stored hash for correctness. This is the way passwords have been securely handled for decades.
*For those who don’t know, a one way hash is just what it sounds like. A mathematical operation is preformed on the data resulting in a number. The number can not be used to find the original data, but the same data always produces the same number.
wikipedia: http://en.wikipedia.org/wiki/Cryptographic_hash_function