British spy agency sent clear text passwords

By

Legacy system to be overhauled.

One of Britain's top intelligence agencies has admitted it sends passwords to prospective job candidates in clear text.

British spy agency sent clear text passwords

Blogger Dan Farrall revealed the gaffe after he applied to work at the Government Communications Headquarters (GCHQ) spy agency.

Farrall said he reported the finding to the GCHQ and published after he did not hear back after two months.

“Not really sure how we can trust somebody like that to protect us, when they are still doing stupid things like this," Farrall said.

"For those that don't think this matters, bear in mind the type of information you're submitting to these online applications: names, dates, family members information, passport numbers, housing information. With this type of information identity theft is a major concern.”

The agency told the Register the legacy system would be updated"very small percentage of applicants were sent passwords during reset processes.

Varonis technical director Rob Sobers said the gaffe illustrates a need to correct simple security frameworks.

“This case in particular highlights the need to do a thorough check of your third party providers and their business practices, especially in the area of security. We have to focus on the basic 'blocking and tackling' if we stand a chance at becoming a culture of data security and privacy.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, UK edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident

Log In

  |  Forgot your password?