If you're subscribed to BT's landline phone service, you may want to keep an eye on your bill in the near future. The British provider recently patched up a website issue that showed account holders' full names, but attention is being drawn to an approach that lets visitors add paid features like TV service using only an account's phone number and postcode as credentials. When both of these are potentially in the public eye, that creates understandable concerns that a rogue agent could hike someone's rates without consent -- even the email address BT uses to confirm changes is only chosen on the spot, which could keep the change a secret early on. BT so far contends that the light security is for "customer convenience," although we've reached out to verify whether or not that will continue to be the company's policy going forward. In the meantime, those still on the carrier's traditional phone service will want to be careful about giving out their number to strangers; while the risk isn't extreme in practice, there's no need to hand someone the keys to the kingdom.
Filed under: Internet
Via: The Verge
Source: The Register