It's been a few days since my colleague and I first reported this
problem to B&Q and to Silicon.com and others. B&Q were pretty quick to
plug the hole, but from what I can see so far, they have not bothered
to make a statement on the website or email their customers (my
colleague is eagerly awaiting the anticipated email from B&Q to tell
him not to worry and that his account is OK).

This morning I emailed Matt Louth (B&Q's Systems Manager) to ask him
what they were doing about the problem. No reply so far. The question
is, who else spotted the security problem before we did? A simple bit
of code and some downloadable firstname/surname lists from the
Internet would be all I needed to exploit this flaw to its full
potential. What if somebody has already done this?

As a parting shot - I just checked some of the accounts we discovered
on Friday afternoon and reported to Silicon.com and the passwords have
not been changed.