Search

TV Licensing takes down website after Norwich tech expert spots security weakness

PUBLISHED: 13:22 07 September 2018 | UPDATED: 15:42 07 September 2018

Candour digital marketing director Mark Cook. Picture: Submitted

Candour digital marketing director Mark Cook. Picture: Submitted

Archant

The company responsible for TV licensing appears to have been forced into a cyber-security u-turn after a Norwich digital marketing expert pointed out a weakness in its website.

Mark Cook, a director at Candour (formerly Applin Skinner) in Norwich, called out TV Licensing on Twitter after noticing a page on the firm’s website used to take payments from customers was flagged by his internet browser as not having a secure (HTTPS) connection.

After the company responded to say there were no security issues with its website Mr Cook replied with a screenshot from his browser, showing the “not secure” connection.

It comes as British Airways is dealing with the fallout of a vast data breach which compromised some 380,000 customer payments.

The debate centres around whether the TV Licensing web pages were HTTPS (the secure version of HTTP, hyper text transfer protocol), the method used by browsers and websites to ensure the secure, encrypted exchange of sensitive data such as personal information or bank account details.

The TV Licensing website was taken down following a discussion on Twitter with Norwich marketing expert Mark Cook about the security of its website. Picture: TV LicensingThe TV Licensing website was taken down following a discussion on Twitter with Norwich marketing expert Mark Cook about the security of its website. Picture: TV Licensing

In a later blog post Mr Cook posted further screenshots showing that pages for taking personal, address and payment details on the TV Licensing website were flagged up as insecure, despite the pages claiming all personal information shared on them was “safe”.

After the Twitter spat on Wednesday the TV Licensing website was taken offline for “planned maintenance”. It was still unavailable at the time this article was published.

In his blog post Mr Cook said: “Even if only your name and email address was sent over an unencrypted connection, this is enough for a potential attacker to act on. Knowing the name, email address and time that customers were purchasing TV licences gives you all the information you need for a quick-response phishing email.

“Imagine signing up for a TV licence and within an hour, receiving an official looking email, addressed to you, saying that your payment for the TV license you just bought failed. No problem, just [click here] to pay again, on the attacker’s very convincing-looking website.”

He added: “A quick Google search shows there was £3.7bn collected in license fees in 2016/17. To get some rough numbers, if we assume everyone paid their £150, that’s around 24.5m TV licenses, right? Even if only a quarter of these people pay for their licenses online, that’s six million license transactions that are affected.”

A TV Licensing spokesperson said: “We take security very seriously which is why we use encryption for all payment transactions. However, an issue has been brought to our attention over the recent level of security on transactional pages which were previously fully secure via HTTPS, and as a precaution, we have taken the website offline until this is resolved and are working urgently to fix it.

“We’ve identified that this issue has happened very recently, and we’re not aware of anyone’s data being compromised.”

Search hundreds of local jobs at Jobs24

Management Jobs

Show Job Lists

Newsletter Sign Up

Sign up to the following newsletters:

Sign up to receive our regular email newsletter

Our Privacy Policy

Insight

Holden is a name associated with the motor trade in Norfolk for 90 years. Motoring editor Andy Russell chats to current CEO Tim Holden, third generation in the family motor group, about how it has become a nationally-recognised driving force.

As diesel car registrations drop, more and more motorists are becoming aware of the benefits of hybrid cars and how easy they are to drive. Toyota’s pioneering role in hybrid technology means nearly half its total sales now combine petrol and electric power, says motoring editor Andy Russell.

Women in Business

cover

Enjoy the
Women in Business
digital edition

Read

Business East

cover

Enjoy the
Business East
digital edition

Read

Celebrating Success

cover

Enjoy the
Celebrating Success
digital edition

Read

B2B Exhibition

cover

Enjoy the
B2B Exhibition
digital edition

Read

Green 100

cover

Enjoy the Green 100
digital edition

Read

Meet the Team

Mark Shields

Business Editor

|

Chris Hill

Agricultural and Farming Editor

|

Business Most Read

Awards

Norfolk Future 50 EDP Business Awards Green 100