Tuesday, September 09, 2008

PwC in Germany loses an unknown amount of user data, including clear text passwords

You would expect one of the leading audit companies to play by the rules it preaches to its customers. But according to ZDF, the German public TV channel, PricewaterhouseCoopers (PwC) in Germany had a major security breach. At least 56,000 users of their online application system have been affected. To make it worse, PwC is currently not sure how many data elements have been affected. And to top the whole story: the passwords used by applicants were stored in clear text (!!), and the passwords stolen from PwC have been used for attacks on online payment systems like Money Bookers and Click&Pay.

On a side note:
According to the German magazine WiSo, which conducted a survey with 2000 users, approximately 80% of them use the same password for their online accounts. That is not surprising in our information-rich society, which sometimes requires us to have 20-30 accounts with passwords.

Here is the German online article:

http://www.heise.de/security/Gestohlene-PwC-Datensaetze-fuer-Missbrauch-von-Click-Buy-benutzt-Update--/news/meldung/115621