» sjhoward.co.uk

  • « Archive »
  • « Academia »
  • « Book »
    •
  • « About Me »
  • « Twitter »
  • « RSS »
    •

    Shocking web security fail by Theatre Royal Newcastle
    Theatre Royal, Newcastle upon Tyne

    Theatre Royal, Newcastle upon Tyne

    The Theatre Royal in Newcastle (the Northern Home of the Royal Shakespeare Company) has a new website today, developed by Firechaser.

    I don’t know about chasing a fire, but they may need to extinguish a virtual one soon.

    The Theatre has emailed me to say that my details have been moved over to the new site, and I should login with my email address and the temporary password of “theatreroyal”.

    Yes, logging in with my email address and that pisspoor non-unique standardised password will give you access to all of my personal data – including my phone number, address, and theatrical interests – plus the opportunity to change my password and lock me out of my own account. Or at least it would, if I hadn’t changed my password.

    That is a clear and obvious breach of the Data Protection Act’s security requirements – plus, it’s frankly astounding that anyone thought it would be okay. Let’s hope they wise-up soon.

    Photo by Stephen Douglas, used under licence





    Comment

    Share


    Your Comments and Responses

    Elsewhere on the site

    This post has been referenced by another on this site:
    sjhoward.co.uk » Quick work . . . Theatre Royal website fixed!

    [...] than four hours after I exclusively reported the Theatre Royal’s web oopsie, they’ve fixed it. A new email has gone out with a new, unique temporary password for each [...]

    17th March 2010 | Permalink

    » This pingback was received at 21:48 on 17 March 10


    Write a new comment or response

    Commenting allows you to respond to what the author and other commenters have been said. Comments often appear on this page instantly, though sometimes take a little longer - especially if you are new to the site.

    Enter your comment in the text area below. You may use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> .

    Note: By submitting your comment, you confirm that it conforms to the site's Comment Policy.
    Gravatar: To show your face, sign up for Gravatar, and enter your email address above.





    Welcome to my blog!
    I've been writing here since May 2003, and waffle on about all sorts of stuff.
    See this page for more about me, or follow me on twitter. Enjoy browsing, commenting, and getting involved!

    Printed from http://sjhoward.co.uk/archive/2010/03/17/shocking-web-security-fail-by-theatre-royal-newcastle
    (c) sjhoward.co.uk - full conditions can be viewed at http://creativecommons.org/licenses/by-nc-sa/2.0/uk/
    The content of this site is copyright protected by a Creative Commons License, with some rights reserved. All trademarks, images and logos remain the property of their respective owners. The accuracy of information on this site is in no way guaranteed. Opinions expressed are solely those of the author. No responsibility can be accepted for any loss or damage caused by reliance on the information provided by this site.