British Telecom Openworld admits to giving out customer passwords before verifying identities

Incident Date: August 2002
Incident Location: United Kingdom

British Telecom (BT) Openworld admitted that helpdesk agents sometimes failed to properly authenticate people requesting the password of a customer account. The errors were revealed by news Web site ISP Review. A spokesperson for BT Openworld said that these incidents were isolated and that the importance of verifying identities has been reiterated to helpdesk personnel.

The BT Openworld security policy requires helpdesk personnel to verify an identity before making any customer account change or providing information. The documented process for verifying an identity includes asking for a password, then the maiden name of the customer’s mother, and finally a ‘helpdesk phrase’ submitted by the customer during account registration.

If the customer is unable to supply any of this information, they must take further measures, such as providing a telephone number, undergoing a telephone call-back by a BT Openworld manager, or sending in an original copy of their bill.

Story Sources

Title: BTopenworld admits helpdesk gaffe
Author: Ian Lynch
Date: 8/16/2002
Publication Location: United Kingdom
Publication URL:

Title: BTO Strengthens Helpdesk Security
Date: 8/15/2002
Publication: ISP Review
Publication Location: United Kingdom
Publication URL:
