Gah morons
I left vodafone a couple of years back and ported the number away and yes my email addy is visible . Dipsticks
Vodafone has been caught taking liberties with customers' email accounts, and it seems at least some of the customers aren't happy about the practice. The problem is with the password reminder feature on the “My account” section of the carrier's website. All you have to do is enter the phone number of the person you're …
Jesus uses Vodafone according to the undocumented feature ;q
fortunately I've never shared my email with them so I remain less spammable.
I think my next phone will be bought outright and a selection of monthly SIMS used as I see fit with no disclosure of such information
Their forum manager phoned me and apparently they are aware of the issue and doing everything they can as fast as they can. They weren't aware it worked with usernames too though.
"Everything they can" doesn't, it seem, include taking down the offending page. Which is strange, 'cos that's the first thing I'd do.
On the plus side, if we can find a way to extract electrical energy from Vodafone's incompetence, that'll be global warming sorted.
Having not been a Vodafone customer for over 4 years, I was somewhat surprised to see that my online account is still active and that they've retained my personal details (D.O.B., address and so on). Now, I'm no legal expert but I do think that hanging on to my details for nearly half a decade after I dispensed with their services counts as being "kept for longer than is necessary".
Just tried a couple of attempts and yes, mine and my boyfriend's phone numbers and usernames return our e-mail address.
Haven't seen it give up my phone number to my username.
Now it's off-line though - the world's friendliest error message states:
"We're making things better
We're making some improvements to this area of our site. But don't worry - we'll have everything back to normal soon."
It'll be interesting to see what they come up with.
It may be reasonable for Vodafone to keep billing and invoice information for seven years due to UK tax laws, but they certainly don't need my date of birth or email address.
I'll (almost) leave the final word on this to the ICO who enforce the Data Protection Act "...there is a significant difference between permanently deleting a record and archiving it. If a record is archived or stored offline, this should reduce its availability and the risk of misuse or mistake". Such as serving it up to all and sundry via a faulty website, for example.
Terence began in the security team, moved onto the web teams, ended his days there as a "commercial planning manager". Clearly no love lost between him and Vodafone now.
Ever heard of responsible disclosure, Terence? Look it up before you broadcast how to recover Vodafone customer emails addresses to the world.
Nym
You now get:
"If you provided us with a valid email address when you registered online, click on Send email. When it arrives, click on the link which will take you to a page where you can reset your password and view your username.
Alternatively, you can enter your email address by clicking 'Enter my email address'."
You can still build up a list of valid usernames as it gives you the message "something's wrong with your account; contact the support desk blah blah blah" if you enter an invalid username, but get the above text when it's valid.
At least it's not a phone -> e-mail converter any more.
As a VF customer I am amazed every time I read any news it contains stories about Vodafone cocking something up.
Rolling out malware on the HTC Desire .... then rolling out junk onto the Samsung Galaxy S.
Then giving out people's data to criminals/stalkers/spammers.
Whoever developed those Vodafone processes is an idiot who needs sacking. They clearly haven't got a clue about security or how to protect people's data.
I'm surprised this isn't illegal under the data protection act. Aren't companies obliged to take care of your data?