Password sharing is so often a common practice for accounts when there is constant turnover in the workforce, so one generic account is created. As the executives at Vodafone, an Australian based cell phone provider, have found out, this is not a practice to follow, especially when sensitive customer data can be accessed through this account.
A journalist shared the news with the Vodafone executive management of her ability to access their most sensitive data, with legitimate credentials. Vodafone has since taken action to remove employees and update security, but they are not able to quantify the amount of data that was breached or could have been breached. They are looking into legal action as well toward the former employees.
When sensitive data is available, security has to be enforced. The sharing of passwords may be taken lightly, but as more and more companies are finding out, there are legal ramifications to the practice.
http://www.darkreading.com/authentication/167901072/security/security-management/229100384/a-glaring-lesson-in-shared-passwords.html
No comments:
Post a Comment