[Darth-Habib]

Blimey

One of Britain's biggest mobile phone companies has admitted to a major cyber-security breach which could put the personal data of millions of customers at risk.

Three Mobile admitted that hackers have successfully accessed its customer upgrade database after using an employee login.

Sources familiar with the incident told the Telegraph that the private information of two thirds of the company's nine million customers could be at risk.

The company confirmed the breach on Thursday evening but declined to say whether customers' data was stolen or how many have been affected.

Three said that the data accessed included names, phone numbers, addresses and dates of birth, but added that it did not include financial information.

http://www.telegraph.co.uk/news/2016...ate-data-at-r/

[clewsy]

Well that could be the final nail in Three as it is.

They seem lost at the moment and either need to invest and attract customers or just lover prices and get back to bargain basement.

[plymouthbloke1974]

Oh my.... this certainly doesn't bode well.

[Darth-Habib]

Quote:

Originally Posted by clewsy

Well that could be the final nail in Three as it is.

They seem lost at the moment and either need to invest and attract customers or just lover prices and get back to bargain basement.

This is the sort of stuff that makes customers flee

The company only discovered the scale of the problem after they received complaints from customers that scam callers were attempting to gain access to their bank accounts.

[Carl_Boys]

At least card details haven't been taken. Annoying but all cyber criminals are doing it and hard for these firms to keep up with the sophisticated ways. If they get hold of my info il still be staying put and the network works for me and is the only one to offer unlimited data!

[jonmorris]

You'll now get unlimited data AND unlimited spam calls!

Actually, I don't know why I'm joking as I'm still a Three subscriber and no doubt Three will have kept details from my wife's account (just as TalkTalk held on to personal info long after people left).

[JasonWatkins]

And i've only been with three about a fortnight as well ..

[prking]

Three's response had been disappointing so far.

Nothing on the website at all about this at the moment. Their only response send to be that the Twitter team are aware of it but have no information.

If, as the reports say, six million customers name, address and date of birth have been compromised then Three would be expected to act quickly. They first noticed this four weeks ago!

[Thine Wonk]

Fortunately limited information, no passwords or banking information. still bad but not the worst.

[prking]

The concerning thing is that as well as name, address, and phone information. They apparently have date of birth.

I think any Three customers would be wise to keep an eye on their credit report for any unusual activity (searches etc). Perhaps Three should provide a years free monitoring?

[Brian The Dog]

I don't care as I've just won a time-share holiday from a nice man in Nigeria in exchange for my bank details!

[Thine Wonk]

Arrests made

http://news.sky.com/story/cyber-hack...-risk-10661179

Quote:

It's understood the hackers used the information to arrange for eight customer upgrades before intercepting them.

On Wednesday, the National Crime Agency (NCA) arrested a 48-year-old from Orpington, Kent, and a 39-year old from Ashton-under-Lyne, Manchester, on suspicion of computer misuse offences.

A 35-year old from Moston, Manchester, has also been arrested on suspicion of attempting to pervert the course of justice.

"This upgrade system does not include any customer payment, card information or bank account information."

[Thine Wonk]

Quote:

Originally Posted by prking

The concerning thing is that as well as name, address, and phone information. They apparently have date of birth.

I think any Three customers would be wise to keep an eye on their credit report for any unusual activity (searches etc). Perhaps Three should provide a years free monitoring?

You can get free monitoring now anyway from a couple of the different organisations, more have gone free as the way they make their money is by referring you to credit you're likely to be accepted for based on your score.

[Zebb]

Three's system that's supposed to allow you to change your password has been down since 10pm last night as well.

[binary]

Quote:

Originally Posted by jonmorris

You'll now get unlimited data AND unlimited spam calls!

Actually, I don't know why I'm joking as I'm still a Three subscriber and no doubt Three will have kept details from my wife's account (just as TalkTalk held on to personal info long after people left).

Likewise I'm a former customer.

I await more information on this hack... it doesn't seem quite as simple as the TalkTalk breach (a very basic SQL injection attack) as a login was needed, but perhaps it wasn't that much more complicated... we shall see. (Up to a point - companies hit by these attacks aren't necessarily that open about them, so it's a case of piecing together information and informed assumptions about what probably happened.)

There will be many more such hacks of consumer data from all sorts of databases, including some we never get to know about and some the database owner never becomes aware of either.

On the one hand I kinda feel a sense of futility, inevitability and helplessness about it all... on the other hand, these companies and organisations really need to get their head around the idea they are the custodians of our information, and get on top of what properly protecting it entails.

[Mark C]

Quote:

Originally Posted by Zebb

Three's system that's supposed to allow you to change your password has been down since 10pm last night as well.

The My3 site is a pile of half working cack at the best of times !

Back in June they were asking for a one off email verification step (not a bad idea by any means) , and you could skip it, but only three times. My lad tried to make the verification work every time he logged on, a mail would arrive, but clicking on the link just lead to an error page. However, he must have done that twenty times, and still had access.

Then last month his data usage simply said '1', dunno whether that was B, kB MB, GB or TB.
Topping up with his usual 12 gigs a month deal, didn't change that.

Then about two weeks ago, all started working, (except he'd never succesfuly verified his email, but hey !)

[Faust]

Quote:

Originally Posted by Carl_Boys

At least card details haven't been taken. Annoying but all cyber criminals are doing it and hard for these firms to keep up with the sophisticated ways. If they get hold of my info il still be staying put and the network works for me and is the only one to offer unlimited data!

What staggers me is that they were apparently able to get this access with just a simple employee login? Why was an employee login allowed to happen outside of Three's internal systems? Are they not on some form of Intratnet?

[Faust]

The BBC are now reporting that 3 men have been arrested regarding this breach. It appears it has more to do with stealing upgrade handsets (around 400 is the estimate) than wanting to sell on data.

[bikerlad]

So over 400 handsets are ordered, which a customer not wanting one signs for, then someone breaks in to their house and steals the phone. If a phone arrived that I didn't order I'd be straight on the phone to Three. Makes you wonder how many handsets had been ordered, and they broke in and didn't find one!

[clewsy]

Well this is what we are being told .... However people are reporting three data being sold on the dark web.

It's not good that it's date of birth , maiden name etc as this is decent data for someone who wants to use it,

[Faust]

Quote:

Originally Posted by clewsy

Well this is what we are being told .... However people are reporting three data being sold on the dark web.

It's not good that it's date of birth , maiden name etc as this is decent data for someone who wants to use it,

If we get lot's of people with names like Ethel and George, but who can't speak a word of English and claim to live in Chipping Ongar then we know where they got the details from.

[sdduk]

Trouble is all the big company's are being hacked at the moment and there seem to be nothing anyone can do about it apart from the government making money by fining the company's then it feeds back to the customers to pay the price for it.

[daveh75]

Three CEO has told the register that 138k customers details were exposed and 8 phones stolen

http://www.theregister.co.uk/2016/11...o_admits_hack/