02.03.09
EDF MyAccount Security
I tried to login to my EDF MyAccount today to check what to expect on our next gas and electricity bill, but I couldn’t remember my login details (username, password, and PIN). I clicked the usual “forgot your password / pin?” link expecting to be given some kind of form to fill in in order to be able to reset my password, but instead was informed that I had to call customer services. When I phoned them up and explained the situation, instead of resetting my details the man on the phone was able to give them straight to me! I only had to provide a few basic details in order to get this far, which leaves me quite concerned that anyone could call up and get them quite easily. And that the customer service people themselves have access to all that unencrypted data!
I guess it’s not a huge deal as there isn’t much you can do from the MyAccount panel, other than change my billing details, view my energy usage, or claim my precious Nectar points, but it still doesn’t seem right.
Update: I called them back again as, foolishly, I forgot to write down my PIN code. Whoever I spoke to this time informed me that they could not give out such details over the phone, due to the Data Protection Act. When I mentioned that the person I’d spoken to before had given out all my details without hesitation he apathetically replied “I’ll get someone to look into that”… yeah, right.
Laura said,
February 19, 2009 at 7:44 pm
When I rang up the water board, they not only told me who my neighbours were (I already knew but hey), they also said whether they were with that water company and whether the school we all work for paid their bills or not! =)
sam said,
March 8, 2009 at 3:39 pm
dude, completely unconnected but… who’s your web hosting provider?
GaZ said,
March 16, 2009 at 10:34 pm
Dreamhost, based in the US. They’re awesome!