Five Companies The Dropped The Ball This Week

Email this CRN article

Password Security Issue Leaves Virgin Mobile Subscribers At Risk

Virgin Mobile USA has fixed its login page, but only after an independent software developer went public with a potentially major security flaw that could have put its 6 million customers at risk.

As noted by Kevin Burke, a California-based software developer, Virgin Mobile was using a system in which customers were required to enter only a six-digit PIN to log into their accounts, which would have made it easy for hackers to guess. Burke reported this to Virgin Mobile a month ago, but the company said it wasn't an issue, so he went public on his personal blog and Twitter.

"This is horribly insecure. Compare a six-digit number with a randomly generated eight-letter password containing uppercase letters, lowercase letters and digits -- the latter has 218,340,105,584,896 possible combinations. It is trivial to write a program that checks all million possible password combinations, easily determining anyone's PIN inside of one day," Burke said in a blog post.


Email this CRN article