TECH NEWS

Welcome to your new telco job – here's sudo access to a database with full customer info stored in the clear

https://image.theregister.com/5257971.jpg?imageId=5257971&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

It happened at a major US telco in the early 2000s

PWNED Welcome back to PWNED, the weekly column where we register some of the worst tech security mistakes our readers have ever seen. Our goal: to help you not do the same.

Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request.

This week's tale of code carelessness comes courtesy of a database administrator we'll Regomize as Joker. Back in the first decade of the 21st century, she went for a job interview at one of the USA's leading national cellular carriers.

What she saw would make you want to swap your SIM.

After a successful meeting with a hiring manager, Joker was hired on the spot.

Within hours the company sudo-level access to a database server, then instructed her to "take a look" at...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more