08004u publishes customer records by mistake

The personal details of some 200 Net users were published on the Web after a lapse in concentration by UK ISP 08004u. The names, addresses, user names, passwords and other sensitive information were mistakenly published last week when technicians at the Dundee-based ISP switched servers. According to David Banks, 08004u's MD, the information was only visible for five minutes before it was deleted -- and only contained the details of some 40 or 50 people. However, The Register has received a document believed to be a copy of the rogue file, and it contains the personal information of some 200 08004u subscribers. What's more, some of the people on the list have been telephoned by unnamed persons pretending to be those responsible for "hacking" the information. In one case, the mystery telephone caller with a Yorkshire accent read out the name, address, phone number and choice of username and password to one of the victims. He said he could have accessed the credit card details off the server as well, although The Register has found no evidence that any personal financial information was made public. "This server's wide open," he said before hanging up. Attempts to trace the caller has so far proved unsuccessful. ®