ConEd customers’ personal information is in grave danger. ConEd’s online account system is easily crackable: logging in requires only an account number.
We emailed this information to ConEd earlier this month but never received a reply back, so now we’re going public.
Someone could easily break into this system with a simple brute-force program designed to run through every single numeric permutation.
Once inside, a cracker would have access to a customer’s:
• Telephone Number
• Two Years Billing & Payment History
• Due Amount
• Direct Payment Plan Enrollment Status
• Email Address (if provided)
• Alternate Phone Number (if provided)
• Fax Number (if provided)
This information could be used to commit identity theft, such as opening fraudulent credit cards or bank accounts. Also, one of the options is “close my account.” Presumably, someone’s electricity could be shut off.
This is pathetic. ConEd needs to add stricter security measures, at least a password for crying out loud, before there’s a breach of customers’ personal information.
According to their website, ConEd serves over 1.1 million customers in the New York area. — BEN POPKEN
(Thanks to Jeff!)
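
Added example, not part of the original post and not ConEd's code: a server-side check for the pattern described above, one client submitting many different account numbers in a short time. The log format, account numbers, IP addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <client IP> <account number> <result>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 4410020031 MISS
2024-01-01T10:00:20 198.51.100.7 4410020013 HIT
2024-01-01T10:05:00 203.0.113.9 5000000001 MISS
2024-01-01T10:05:02 203.0.113.9 5000000002 MISS
2024-01-01T10:05:04 203.0.113.9 5000000003 MISS
2024-01-01T10:05:06 203.0.113.9 5000000004 MISS
2024-01-01T10:05:08 203.0.113.9 5000000005 MISS
2024-01-01T10:05:10 203.0.113.9 5000000006 HIT
2024-01-01T10:05:12 203.0.113.9 5000000007 MISS
2024-01-01T10:30:00 198.51.100.7 4410020013 HIT
"""


def parse(line):
    """Split one log line into (timestamp, client IP, account number, result)."""
    ts, ip, account, result = line.split()
    return datetime.fromisoformat(ts), ip, account, result


def find_enumeration(lines, max_distinct=5, window=timedelta(minutes=1)):
    """Return {ip: time first flagged} for clients that submit more than
    max_distinct different account numbers within the sliding window."""
    recent = defaultdict(deque)  # ip -> (timestamp, account) pairs inside the window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, ip, account, _ = parse(line)
        attempts = recent[ip]
        attempts.append((ts, account))
        # Drop attempts that have aged out of the window.
        while ts - attempts[0][0] > window:
            attempts.popleft()
        # A customer retyping one number stays at 1-2 distinct values;
        # a program walking the number space does not.
        if ip not in flagged and len({a for _, a in attempts}) > max_distinct:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_enumeration(SAMPLE_LOG.splitlines()).items():
        print(f"{when.isoformat()} possible account enumeration from {ip}")
```

Counting per IP address misses attempts that are spaced out slowly or spread across many addresses, so a check like this supplements a password requirement rather than replacing it.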