Oct 312011
 
 October 31, 2011  Breaches, Business, Featured News

Color me stunned.

As an Optimum Online subscriber, I’m supposed to get free online access to Newsday, one of the largest newspapers in New York.  So I went to sign up on Newsday’s site. And that’s when my eyes popped out of my head.

Not only does Newsday’s sign-up form ask you for your Optimum ID (username), full name, and address, but they require you to provide the password to your Optimum account.

Say WHAT?

Not believing my eyes, I called their help number and asked why they didn’t just take the ID and send a confirming e-mail to the user’s account, but was told that no, I had to provide the password to my account.

I told the representative, who I won’t name as this is not her fault, that that was the stupidest thing I’ve heard all day and is really poor from a security standpoint.

She put me on hold and eventually came back to tell me that I did have to provide the password but it’s “encrypted.”

D’oh.

I asked to speak to Newsday’s Chief Security Officer and was told they have none. Gee, what a surprise.

I asked to speak to Newsday’s Chief Privacy Officer and was told they didn’t have one of those, either.

So I called Optimum Online and asked to speak to their online security office.  I posed my question to them and they told me I’d have to take it up with Newsday.  Of course, they (Cablevision) own Newsday, so you’d foolishly think they might have some influence or be concerned about passwords being needlessly entered in a subsidiary’s web site, but no, they said I had to take it up with Newsday.

Obviously, I didn’t sign up for digital Newsday today.  Shame on them and Cablevision for even requiring the major account password to access the site.  What is Cablevision going to do if Newsday gets hacked?  Email hundreds of thousands of customers and tell them to change their Optimum Online passwords?  And what are they going to do if Newsday is hacked and the hackers decide to decrypt passwords, login to Optimum Online accounts and listen to people’s voicemail or look at their payment arrangements?

Such an unecessary and foolish risk.

 

  2 Responses to “Dumb security, Monday edition: Want to read Newsday as an Optimum Online customer? You’ll have to turn over your Cablevision password.”

  1. It would be good if you researched your stories before posting. I don’t believe you have the complete story. If you want to confirm with someone try contacting Newsday’s Executive Editor who is also SVP for digital. Don’t rely on entry level customer service people to provide this information. Shame on Newsday for not having better internal communicaiton both within Newsday and inter-company, but don’t just pile on. The newspaper industry has enough real problems without people creating fictitious ones.

    • I spent 20 minutes on the phone trying to get through to someone and couldn’t. And that’s not just from the customer service rep. I also called the corporate hq and asked for the Chief Security Officer or Chief Privacy Officer. The switchboard also told me they had no such offices. I then called Cablevision/Optimum Online who punted it back to Newsday. I also tweeted an inquiry to Newsday. Newsday is welcome to contact me via e-mail to admin[at]pogowasright.org if they want to clarify or if they think I’ve got the story wrong and I will be happy to talk to them. But the fact remains: I was and am not able to sign up to read the newspaper if I don’t provide my Optimum account main password – and that is outrageously stupid in my opinion. YMMV.

Sorry, the comment form is closed at this time.