British spy agency sent clear text passwords

By

Legacy system to be overhauled.

One of Britain's top intelligence agencies has admitted it sends passwords to prospective job candidates in clear text.

British spy agency sent clear text passwords

Blogger Dan Farrall revealed the gaffe after he applied to work at the Government Communications Headquarters (GCHQ) spy agency.

Farrall said he reported the finding to the GCHQ and published after he did not hear back after two months.

“Not really sure how we can trust somebody like that to protect us, when they are still doing stupid things like this," Farrall said.

"For those that don't think this matters, bear in mind the type of information you're submitting to these online applications: names, dates, family members information, passport numbers, housing information. With this type of information identity theft is a major concern.”

The agency told the Register the legacy system would be updated"very small percentage of applicants were sent passwords during reset processes.

Varonis technical director Rob Sobers said the gaffe illustrates a need to correct simple security frameworks.

“This case in particular highlights the need to do a thorough check of your third party providers and their business practices, especially in the area of security. We have to focus on the basic 'blocking and tackling' if we stand a chance at becoming a culture of data security and privacy.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:
british governmentgchqpasswordssecurity

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?