Oftentimes it’s not just the users’ fault for not coming up with outrageously challenging passwords. That’s what developer Kevin Burke says about security flaws that make Virgin Mobile accounts easy to hack.
The thought that a skilled hacker could easily tap into your private online data and do whatever can send chills up your spine. For the most part, a cyber attack is possible because of users’ disbelief a hacker would target them. But many other times it’s the websites’ inadequate security measures that allow data leaks.
Independent developer Kevin Burke published a post recently that has six million Virgin Mobile subscribers concerned. Apparently Virgin Mobile accounts are incredibly easy to hack into. Put in Burke’s words, basically “if you are one of the six million Virgin subscribers, you are at the whim of anyone who doesn’t like you”.
It’s the hassle free authentication method that puts those six million Virgin Mobile accounts at risk of an attack. Virgin Mobile subscribers use their own phone numbers as a username and have a six-digit number as their password. This means there are only one million passwords available.
“It’s trivial to write a program that checks all million possible password combinations, easily determining anyone’s PIN inside of one day” warns Kevin Burke. So, in a nutshell, “anyone who knows your Virgin Mobile USA phone number can: see who you’ve been calling and texting” and make all sorts of changes, from the handset associated with your number, to your email address and password. Plus, the attacker can even make purchases in your name.
What’s even worse, according to Kevin Burke, is that given today’s Virgin Mobile’s security measures, “there is no way to defend against this attack”. A hacker could hijack your Virgin Mobile account in a few hours. The attack would imply making “hundreds of request to Virgin’s servers per second and find the right PIN” and it be hidden if the hacker would limit the “requests below a performance-degrading level”.
The developer explained he discovered that Virgin Mobile accounts are easy to hack a few weeks ago. He decided to go public only after the retailer refused to deal with the situation or implement Burke’s suggestions to improve security.
Although six million subscribers are now worried their Virgin Mobile accounts could be hacked, the company explains on its website it is “strongly committed to protecting the privacy of …customers” by using “standard industry practices”.