This entry was posted on Thursday, October 18th, 2007 at 2:53 pm and is filed under The Political Weblog Movement.
Via Dave Cross:
The Register – Fasthosts customer? Change your password now: Fasthosts, “the UK’s number 1 web host”, has fired off emergency emails telling customers to change all their passwords after police were called in to investigate a major data breach… We’ve asked Fasthosts why the passwords were not encrypted in the first place. It said: “Historically, Internet companies have rarely encrypted passwords to aid customer service.”
As many people under comments at El Reg have pointed out, that last bit (probably from the desk of Richard ‘I get paid to hide under my desk’ Stevenson) is absolute bullshit.
Poor security is not a usability feature. They should have done far better far earlier.
Additionally, yesterday it was reported that Fasthosts admitted to a botched update to its mail server that permanently deleted customer emails. As with this latest disaster, they then went on to assure customers that they had taken new measures to ensure that such a disaster would not happen again when, by most accounts, with a quality host it wouldn’t have happened in the first place.
I’ve read many published reports from other Fasthosts users that would appear to suggest that Fasthosts make it difficult for their customers to move on without fuss and fees, but after these two disasters, I’m sure you can throw their terms and conditions in their face and see how they like it.
Fasthosts do, after all, make the following promise:
“We will endeavour [sic] to provide a continuous high quality service.”
And – just between you, me and the gatepost – I’m not seeing much endeavouring going on, just a fuck of a lot of dawdling.
UPDATE – Those with a taste for irony may appreciate that Fasthosts released their first press release for months yesterday, offering a new range of dedicated servers. In it, they claim:
Servers are located within Fasthosts’ superior data centre in Gloucester, where all data is continually protected against fire, gas, water, power failure and unauthorised access.
For added irony, if you go back to earlier press releases (i.e. before recent incidents highlighting extremely poor examples of customer communication on their part) you’ll see a release titled: Slow response to customer emails fatal for UK businesses.
For added extra high-octane über-irony with sprinkles, revisit yesterday’s post, which includes – totally coincidentally, I assure you – a hypothetical situation involving those moments when public confidence and awareness are key and cites a new product launch as a primary example.
UPDATE – Via this discussion thread comes this worrying claim and call to action: If anyone has an account on Fasthosts, I would advise them to keep an eye on their credit card / bank details, as these used to be held unencrypted along with the passwords.
I’ll give Clive a heads-up, just in case historical data has been compromised in this way.
UPDATE – Clive has received the following response from Fasthosts (What? Suddenly they’re talking to us again?): Fasthosts: I can confirm that credit card details are stored in an encrypted format on our systems and we do not currently have any evidence to show that those details have been accessed at this time.