Privacy United Kingdom

Rail Station Wi-Fi Provider in UK Exposed Traveller Data (bbc.com) 19

The email addresses and travel details of about 10,000 people who used free wi-fi at UK railway stations have been exposed online. From a report: Network Rail and the service provider C3UK confirmed the incident three days after being contacted by BBC News about the matter. The database, found online by a security researcher, contained 146 million records, including personal contact details and dates of birth. It was not password protected. Named railway stations in screenshots seen by BBC News include Harlow Mill, Chelmsford, Colchester, Waltham Cross, Burnham, Norwich and London Bridge. C3UK said it had secured the exposed database -- a back-up copy that included about 10,000 email addresses -- as soon as it had been drawn to their attention by researcher Jeremiah Fowler, from Security Discovery. "To the best of our knowledge, this database was only accessed by ourselves and the security firm and no information was made publicly available," it said. "Given the database did not contain any passwords or other critical data such as financial information, this was identified as a low-risk potential vulnerability."

  • When using free wifi and it asks for your name and address why do people give them their real ones?

    Usually you just put in "anon@buggeroff.com" as your email and it lets you in. Obviously it records your phone's MAC address but that's still far better than handing over your name and address.

    • by Anonymous Coward

      Yep. BillG@Microsoft.com is gonna be getting a lot of spam. There are systems where you get kicked off the wifi if you don't verify your address within a few minutes of going online, but the UK railway stations have accepted for the last five years (without any proof) that I'm Bill Gates.

      • "Yep. BillG@Microsoft.com is gonna be getting a lot of spam. There are systems where you get kicked off the wifi if you don't verify your address within a few minutes of going online"

        Then use BillG@yopmail.com or any of the other throwaway email services where you don't have to create an account first.
        Additionally, always use a VPN when using such services.

    • Comment removed based on user account deletion
      • Instead of abusing somebody's domain name, like you did, use something that you know is not going to cause any harm, like anon@example.com or abuse@

        I use the second one mostly, because it saves everybody time to report spam. Another you could use is postmaster@...

        However often you need to click on a link to confirm the email address. For that you best have a throwaway account.

        Now you and I and everybody here is able to set something up like that, even linking it to a 'real' account if we so like by using the filters that are possible. The 99% of the rest of the world are not able to do that or to understand why. They will also tell you they use a PC not a MAC. They have NO idea what a MAC address is.

        And even if I use a dummy account, the fact remains that using a dummy account should not be needed.

        Saying "I know how to solve the problem" is not a solution of the problem. It is a confirmation that the problem exists. What you do is blaming the victim for being a victim.

        Agreed using an email which is throwaway is the best solution.

    • That's always what I do mainly for the reason of avoiding spam rather than security though but clearly it is good for both. Interestingly my laptop is also configured to use a randomized MAC address as well so at least that one is even safe from tracking the MAC address as well but I only tend to use that on a train rather than in the station.
  • by account_deleted ( 4530225 ) on Monday March 02, 2020 @12:21PM (#59787782)
    Comment removed based on user account deletion
    • by thsths ( 31372 )

      Interesting. I had a locomotive with a plaque that said "40 years service, 2012". And this is a mainline railway, mind you, not a heritage railway. Why would you celebrate such historic rolling stock? And it is belching some unimaginable stinky black smoke.

    • by hey! ( 33014 )

      You got a bus? Luxury! Here in Boston we have trains that stop functioning when it gets cold out. To get to your destination you have to wait for the weather to change.

    • Because Great Western Rail adheres exclusively to a combination of belching diesel trains from the sixties...

      I thought GWR just got a whole load of new trains? [gwr.com]. If you want to see a "belching diesel" and a bus at the same time you need to visit the North where the wonderful Northern Rail still runs converted Leyland buses from the 1980's [bbc.com] because they can't get their new ones to work probably because they based them on Boris' Routemaster double-decker.

  • by IWantMoreSpamPlease ( 571972 ) on Monday March 02, 2020 @12:30PM (#59787826) Homepage Journal

    That if it's public wi-fi, it is:
    (1) Poorly configured
    (2) Never patched
    (3) Leaking data like a sieve.
    (4) All of the above
    (5) on purpose.

  • On my phone, I run an adblocker/vpn...in just over a year, it has blocked 1,098,536 ads, 144,089 trackers and saved over 49.16GB of data. You are crazy, on any open wifi to not run a vpn.
