Virgin Media's Leaked 'Limited Contact Info', Meant P0rno Filter Requests, IP Addresses, and More
upstart writes in with an IRC submission for SoyCow4275:
A Virgin Media server left facing the public internet contained more than just 900,000 people's "limited contact information" as the Brit cable giant's CEO put it yesterday.
In fact, the marketing database also contained some subscribers' requests to block or unblock access to X-rated and gambling websites, unique ID numbers of stolen cellphones, and records of whichever site they were visiting before arriving at the Virgin Media website.
This is according to British infosec shop Turgensec, which discovered the poorly secured Virgin Media info silo and privately reported it to the broadband-and-TV-and-phone provider. The research team today said the extent of the data spill was more extensive, and personal, than Virgin Media's official disclosure seemed to suggest.
Here, in full, is what Turgensec said it found in the data cache that was exposed from mid-April to this month:
- Full names, addresses, date of birth, phone numbers, alternative contact phone numbers and IP addresses - corresponding to both customers and "friends" referred to the service by customers.
- Requests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses. IMEI numbers associated with stolen phones.
- Subscriptions to the different aspects of their services, including premium components.
- The device type owned by the user, where relevant.
- The "Referrer" header taken seemingly from a users browser, containing what would appear to be the previous website that the user visited before accessing Virgin Media.
- Form submissions by users from their website.
Read more of this story at SoylentNews.