Virgin Mobile in embarrassing security fiasco
Free flights promo ends in disaster Down Under
A Virgin Mobile promotion in Australia has led to the exposure of thousands of customers' private information online. It's yet another case of a multinational company letting its customers down by using shoddy security to protect personal data.
Virgin Mobile was offering free flights to anyone who bought one of its phones on a contract. The idea was that you'd sign up on the Virgin Mobile website, entering personal information such as your name, address, date of birth and phone number. You then waited for a text message to be sent containing your 'free flight SMS code'.
However, in bizarrely amateurish fashion, the claim codes issued were not random, but generated in sequential order. So by changing the last couple of digits you would be able to view the details of another random claimant.
The basic information exposed by this very basic hack is often all an identity thief needs to target you.
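The weakness described above, shown as an added example (not code from Virgin Mobile or from the original article): a claim-code issuer that counts upward, beside one possible hardened version that draws codes from a CSPRNG and also checks the phone number the code was texted to. The class names, the starting number and the sample claimants are constructed assumptions.

```python
import hmac
import secrets

# Constructed sample claimants (not real data).
ALICE = {"name": "Alice Example", "phone": "0400000001"}
BOB = {"name": "Bob Example", "phone": "0400000002"}


class SequentialIssuer:
    """Weak design: codes follow a counter, and the code alone unlocks the record."""

    def __init__(self, start=104500):  # starting value is an assumption
        self._next = start
        self._records = {}

    def issue(self, claimant):
        code = str(self._next)
        self._next += 1
        self._records[code] = claimant
        return code

    def lookup(self, code):
        return self._records.get(code)


class RandomIssuer:
    """Hardened design: unguessable code, bound to the phone it was texted to."""

    def __init__(self):
        self._records = {}

    def issue(self, claimant):
        code = secrets.token_urlsafe(12)  # 96 bits from the OS CSPRNG
        self._records[code] = claimant
        return code

    def lookup(self, code, phone):
        record = self._records.get(code)
        # Same answer for "no such code" and "wrong phone", so the
        # response does not confirm which codes exist.
        if record is None or not hmac.compare_digest(record["phone"], phone):
            return None
        return record


def mistyped_last_digit(code):
    """Model the reader's typo: the final digit comes out one higher."""
    return code[:-1] + str((int(code[-1]) + 1) % 10)
```

With the sequential issuer a one-digit typo lands on the next claimant's record; with the random issuer the same typo, or even another claimant's valid code, returns nothing unless the phone number matches.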
Embarrassing error
The story was broken by the SMH which was tipped off by a concerned Virgin Mobile Australia customer.
"When I attempted to enter my 'free flight SMS code' at the above address I entered the last character incorrectly," the reader told the Sydney newspaper.
"Instead of my details appearing on the page, someone else's details appeared - including their name, address, phone number and date of birth.
"They have chosen to protect mine and the details of others via a system that would probably not even offer protection against a curious 7-year-old (let alone an experienced and devious identity thief)," the reader goes on.
"I feel angry and worried that my details have been compromised. I am appalled that such a sloppy system could have been developed in this day and age."
The Virgin Mobile blunder follows last week's news that the personal data of millions of visa applicants can be easily unearthed online in a similar way, simply by changing the last digits of the site's application URL.
James was part of the TechRadar editorial team for eight years up until 2015 and now works in a senior position for TR's parent company Future. An experienced Content Director with a demonstrated history of working in the media production industry. Skilled in Search Engine Optimization (SEO), E-commerce Optimization, Journalism, Digital Marketing, and Social Media. James can do it all.