© R3 Cyber Security
Vodafone refuses to compensate several victims of hacking because their passwords were “1234”
Karen Corredor // 18 September , 2018
Who is right, the company that allows such a weak password or the user responsible for their psw?
A few days ago the news leaked that Vodafone will not indemnify its customers hacked in the Czech Republic for having the password “1234” in the online platform My Vodafone. The attackers accessed the accounts of Vodafone users using that password and requested new SIM cards, which they collected in several branches and installed in different phones. This allowed the hackers to charge more than $ 30,000 for gambling services.
Given this situation Vodafone states that ignorance is not an excuse for cybersecurity. It affirms that it has no responsibility whatsoever and that it will not pay the damages to the clients, since they are directly responsible for the management of their passwords.
On the other hand, the users, even admitting that these codes had been delivered as temporary credentials, denounce that Vodafone did not warn them that they should modify them and in some cases, the clients apparently did not even know they had a web account.
Are the users responsible or the companies that allow such weak passwords?
Cybercriminals have been sentenced to three and two years in prison respectively, however, Vodafone refuses to pay and also wants the victims to cover the damages.
Jiri Kropac, head of threat detection at ESET, tested the MyVodafone portal and confirmed that security is deficient since a password can only consist of 4-6 digits in length (when at least 10 are recommended). It is therefore obvious to affirm that Vodafone’s authentication configuration is insufficient.
At this point it could be concluded that, even taking as reasonable the argument that users should be the first to worry about their safety and the consequences of not doing so, it is negligent that a telecommunications operator that works with millions of data does not establish the necessary security measures in their platforms, exposing bad management in the protection of personal data (more so if remembering that in 2015 Vodafone UK already suffered a security breach that meant access to their systems and the theft of information from about 2,000 customers).
Let’s take advantage of at least this incident to become aware of the importance of passwords and strengthen their robustness
If you are one of those people who use as password 1234, the name of your cat or the famous word Password, you are in danger.
From R3 CyberSecurity we share, with the help of our CISO Javier Calatrava, the necessary tips to generate a secure password.
3 tips to make your password one of the safest:
1. SIZE DOES MATTERS
We suggest you it have to have at least 10 characters
2. DIVERSITY ALWAYS CONTRIBUTE MORE
Use four types of lowercase characters, capital letters, numbers, and special characters (#, @, € …)
3. A PHRASE MADE PASSWORD
Transcribe the initials of each word, and use the special characters and numbers to replace some letters. Ex: a = @, e = 3, i = 1, or = 0
Think of that song that you always have in your head, or the date on which your football team won the European Cup (although you want you can not forget it)
Chorus of my favorite song: Porque mi cintura necesita tu ayuda no lo tengo en las venas y no lo puedo controlar!
Phrase transformed into a secure password: Pmcnt@nlt3lv&nlpc!
Karen Corredor Avila | Marketing Digital Assistant R3 CyberSecurityS
Share it with your friends!
JOIN OUR TEAM
Meet all the professional opportunities that will allow you to achive your personal goals.