FYI: When Virgin Media said it leaked ‘limited contact info’, it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more

In fact, the marketing database also contained some subscribers’ requests to block or unblock access to X-rated and gambling websites, unique ID numbers of stolen cellphones, and records of whichever site they were visiting before arriving at the Virgin Media website.

This is according to British infosec shop Turgensec, which discovered the poorly secured Virgin Media info silo and privately reported it to the broadband-and-TV-and-phone provider. The research team today said the extent of the data spill was more extensive, and personal, than Virgin Media’s official disclosure seemed to suggest.

Here, in full, is what Turgensec said it found in the data cache that was exposed from mid-April to this month:

* Full names, addresses, date of birth, phone numbers, alternative contact phone numbers and IP addresses – corresponding to both customers and “friends” referred to the service by customers.

* Requests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses. IMEI numbers associated with stolen phones.

* Subscriptions to the different aspects of their services, including premium components.

* The device type owned by the user, where relevant.

* The “Referrer” header taken seemingly from a users browser, containing what would appear to be the previous website that the user visited before accessing Virgin Media.

* Form submissions by users from their website.

Those website block and unblock requests were a result of Britain’s ruling class pressuring ISPs to implement filters to prevent kids viewing adult-only material via their parents’ home internet connections. The filters were also supposed to stop Brits from seeing any particularly nasty unlawful content.

Virgin Media today stressed the database held about a thousand subscribers’ filter request inquiries.

Source: FYI: When Virgin Media said it leaked ‘limited contact info’, it meant p0rno filter requests, IP addresses, IMEIs as well as names, addresses and more • The Register

Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

 robin@edgarbv.com  https://www.edgarbv.com