TV Licensing takes down website after Norwich tech expert spots security weakness
The company responsible for TV licensing appears to have been forced into a cyber-security u-turn after a Norwich digital marketing expert pointed out a weakness in its website.
Mark Cook, a director at Candour (formerly Applin Skinner) in Norwich, called out TV Licensing on Twitter after noticing a page on the firm's website used to take payments from customers was flagged by his internet browser as not having a secure (HTTPS) connection.
After the company responded to say there were no security issues with its website, Mr Cook replied with a screenshot from his browser showing the 'not secure' connection.
It comes as British Airways is dealing with the fallout of a vast data breach which compromised some 380,000 customer payments.
The debate centres on whether the TV Licensing web pages were served over HTTPS (the secure version of HTTP, the hypertext transfer protocol), the method used by browsers and websites to ensure the secure, encrypted exchange of sensitive data such as personal information or bank account details.
In a later blog post Mr Cook posted further screenshots showing that pages for taking personal, address and payment details on the TV Licensing website were flagged up as insecure, despite the pages claiming all personal information shared on them was 'safe'.
After the Twitter spat on Wednesday the TV Licensing website was taken offline for 'planned maintenance'. It was still unavailable at the time this article was published.
In his blog post Mr Cook said: 'Even if only your name and email address was sent over an unencrypted connection, this is enough for a potential attacker to act on. Knowing the name, email address and time that customers were purchasing TV licences gives you all the information you need for a quick-response phishing email.
'Imagine signing up for a TV licence and within an hour, receiving an official looking email, addressed to you, saying that your payment for the TV license you just bought failed. No problem, just [click here] to pay again, on the attacker's very convincing-looking website.'
He added: 'A quick Google search shows there was £3.7bn collected in license fees in 2016/17. To get some rough numbers, if we assume everyone paid their £150, that's around 24.5m TV licenses, right? Even if only a quarter of these people pay for their licenses online, that's six million license transactions that are affected.'
A TV Licensing spokesperson said: 'We take security very seriously which is why we use encryption for all payment transactions. However, an issue has been brought to our attention over the recent level of security on transactional pages which were previously fully secure via HTTPS, and as a precaution, we have taken the website offline until this is resolved and are working urgently to fix it.
'We've identified that this issue has happened very recently, and we're not aware of anyone's data being compromised.'