EnlargeGetty Images

Virgin Media, the British telecom and Cable TV provider, has suffered a breach that allowed unauthorized access to customer data, some of which reportedly linked subscribers to porn, gambling, and extreme violence content.

Virgin Media said in a post that unauthorized access was to a marketing database that included “limited contact information such as names, home and email addresses, and phone numbers” for about 900,000 subscribers. The company went on to say that the breached database contained no passwords or financial information.

Despite Virgin Media characterizing the accessed data as limited contact information, the Financial Times and the BBC reported that the compromised database also included details of some 1,100 customers who had used an online form to request that specific websites be blocked or unblocked. Some of those sites offered content involving porn, gambling, and extreme gore videos.

“The records, seen by the Financial Times, show the website that was being blocked or unblocked linked to the customer names and contact details,” Fridays FT article said. “In some cases that included parents asking for pornographic sites to be blocked to protect children, and other users requesting the Virgin Media unblock access to niche adult websites.”

The availability of customer data opens the 900,000 affected customers to spear-phishing attacks, in which scammers and malware attackers address a target by name or tailor the content of the email to the targets personal details. Attackers often make the emails appear to the company breaching the data, which in this case is Virgin Media.

Even worse, the unauthorized access of sensitive data opens the 1,100 other affected customers to extortion schemes in much the way the devastating 2015 hack of Ashley Madison, a website that arranged trysts for people cheating on their spouses and romantic partners, spurred huge numbers of emails threatening to publish intimate details unless subscribers paid a fee. Five years on, extortion demands continue to come.

Virgin Media said the breach was the result of the database being incorrectly configured. The Register, citing an email sent to affected customers, Read More – Source

[contf] [contfnew]

arstechnica

[contfnewc] [contfnewc]