3 hide their customer database again. Sensible really.
Following on from our earlier story where we revealed how the personal details of almost 80,000 3 Mobile customers could easily be viewed online, the company have plugged the leak and removed any access to the database.
The ease with which Bitterwallet reader Dan was able to access this classified information was staggering to be frank. It all stemmed from an email he was sent from 3, advertising their mobile broadband service (left). Possibly out of sheer boredom but probably out of the curiosity that most of the web-savvy among us possess, Dan right-clicked on the dongle picture and looked for the image source.
This threw up a URL, which led him to a directory of folders where the images that 3 use in their mailouts were stored. Nothing so damning so far. But one of the folders therein looked a little bit more intriguing. Named ‘BB LAPTOP ANTON,’ its contents amazed Dan, as well as us when we saw them. Three CSV files, listing the names and addresses of what we assumed were customers of 3. A grand total of 79,035 of them (excerpt below). Either way, it was data that should have been kept strictly confidential and certainly not accessible to any net user with a little bit of nous.
3 have subsequently removed the info from public view and hopefully the mistake won’t be repeated. It would be interesting to see what the Information Commissioner might have to say about it all though…
EDIT: A 3 spokesman has contacted us regarding the security leak and said, "The information referred to has now been removed from the Internet. We're still in the process of investigating, however our initial research indicates that, in all probability, this is not a list of 3 UK customers. Less than 5% of names on initial investigation are 3 customers.
"We're clearly still concerned that there could be any compromise of consumer data associated with the marketing of our products and we are doing everything in our power to find out where this information has come from. What is important to note is that the data only consisted of names and addresses - no consumer financial information was exposed at any point."