UK phone giant EE hit by another security lapse

For the second time this week, U.K. phone giant EE has fixed a security lapse, which allowed a security researcher to gain access to an internal site.

The researcher, who goes by the pseudonym Six, found the company’s internal training site indexed on Google. (We’re not linking to the page as it remains an active site.) Although the site required an employee username and password to log in, the researcher found that an “admin” account existed, of which anyone with the answer to the secret question could reset the password.

Source: UK phone giant EE hit by another security lapse

Advertisements