“300,000 e-mail accounts Tele2 not properly secured.

The e-mail accounts of provider Tele2 are not properly secured. Malicious parties can gain access to a victim’s e-mail address using only the victim’s postcode and house number. So it doesn’t take much to bypass security.

RTL News reports that on the basis of its own research. RTL News called Tele2’s customer service and stated that they had forgotten the password for a mail account. After the postcode and the house number of that account were given, the customer service representative changed and a new password was created. A criminal hacker known to RTL has indicated that he uses this method more often. Tele2 is taking measures to make this impossible in the future.

Childishly simple

Requesting a new password was very easy according to RTL News. They only asked for data that can be found online. It was noteworthy that during one of the conversations RTL News had with Tele2’s customer service, the employee began to have doubts about the journalist. After he also knew the date of birth of the owner of the mail account, that was enough to get a new password.

That password was then entered by telephone. This gave RTL access not only to the mail account, but also to linked services such as social media and payment sites, as well as the Tele2 account. In the view of the Authority for the Protection of Personal Data, it is a serious signal and this form of security […] is totally inadequate. The supervisor therefore enters into a conversation with Tele2 to see why things could go so wrong.

Tele2 manages 296,081 email accounts. These are accounts whose address ends with @tele2.nl, @zonnet.nl or @versatel.nl. It is not known how many people have actually been hacked. In a response, Tele2 states that it is no longer permitted for its employees to change passwords by telephone. The company also immediately carries out a stricter identity check, so that hackers cannot just have access to mail accounts.