Ever used Go Compare? Might want to read this
As I alluded to in another thread, I came across a bit of an issue the other day when using the comparison website Go Compare.
After I got my quotes, I noticed they'd sent me another email - it was a confirmation of the account that had been set up for me.
The problem: They'd included my actual password in plaintext (not encrypted in any way) in that email.
An email that had crossed over the public internet.
Which means that my password could have been read by any hacker out there (and there are MANY of these things going on!) as well as any email administrator in the IT department who felt like taking a look in the "Sent Items" inbox of their mail servers.
It also means that their password database is using a very old and no longer accepted as safe method of storing the passwords.
I have contacted them and explained. They have told me it was only happening on their Caravan page which they actually use a 3rd party broker for. And they have told me they have / will make a change to the system to remedy this problem.
Just thought I'd mention it.
Comments
-
I had a similar problem and I don't see their need for my mother's maiden name just for a quote. One of the caravan insurance quotes plagued me with phone calls until I got cross and left them on hold. It was a very low quote that I didn't accept partially because I hadn't been 100% honest about my no claims length but that was beside the point I thought! I was trying to get accurate comparisons.
0 -
What a bunch of plonkers at GoCompare with an absolute disregard for IT security. Thanks for the warning.
I was told to have at least three email addresses. One for very personal use which I restrict to family and very close friends plus my main financial service providers. The second I use for trusted websites or organisations. The third I use for people and organisations I'm not sure about including internet shopping. Sometimes, I replace the third email address with the second one when I begin to trust those people or organisations.
Some email hosts offer disposable email addresses which can be useful.
0 -
Not used them but thanks for the warning which I have noted for the future.
Have you pointed the problem out to them?
WW reread the op post
0 -
Not used them but thanks for the warning which I have noted for the future.
Have you pointed the problem out to them?
At great length, yes I have.
It took me 4 goes and looping in the ICO office before they took it seriously.
After which, in fairness, they were very apologetic and assured me they'd taken steps to resolve it.
In fairness, it was a confusion in how they run their caravan site - it's not really them, it's another company who does it, with a website wrapped around it so that the customer doesn't realise.
0 -
And they all like to sell your phone number on. If you're doing a quote online, why the hell do they need your phone number? I give the number of my local pay phone.
I have always found comparison sites dearer than going direct.
0 -
I always use the forgot email function and just change it for the current use, and do not bother to store it.
Any web site that cannot email me a temporary email within a couple of minutes of me asking for one, probably is not worth dealing with.
Rgds
0