Web host glitch exposes data

Security: Business data is left exposed while security standard lies idle

Security: Business data is left exposed while security standard lies idle

Bill Goodwin

New security fears were raised this week after a blunder by a Web hosting service left companies' confidential files open to viewing by other businesses using the service.

Customer lists, credit card numbers and other customer details, were left exposed for weeks on a server run by Netcetera, until the error was fixed this week.

The case, which highlights the difficulties facing companies when they outsource their Web sites to third parties, is the latest in a string of security glitches to hit company Web sites.

The problem came to light after a small Swansea Web design company, Web Graffiti, began installing file transfer facilities for its customers, hosted on the Netcetera service.

Web Graffiti staff discovered they could view other companies' user names and confidential files hosted on the same server, using Web Graffiti's customers' passwords.

"Credit card details could be seen, personal data could be seen. We would not steal credit card details, but the issue is that someone else could do that," said Nic Hinder, director of Web Graffiti. "I was amazed that they could make this sort of mistake. We were concerned for our own safety as well as the safety of our clients," he added.

Netcetera, which describes itself as one of the largest Microsoft-based Internet service providers in the UK, said the problem was caused by a configuration error on one of its servers.

"When you apply a fix to hundreds of servers it is easy to overlook something like that. It was a mistake on our part but we will make sure it does not happen again," said Peter Skelton, Netcetera's technical director.

Netcetera technicians were able to fix the problem, which affected only one of Netcetera's servers, within 20 minutes of receiving a call from Computer Weekly. There is no evidence that any data was compromised.

However, Web Graffiti and Netcetera are in dispute over the length of time it has taken Netcetera to fix the problem.

Web Graffiti said its staff asked Netcetera's helpdesk to fix the problems several times over the telephone since the problem came to light in early August.

But Netcetera claimed it only became fully aware of the problem when contacted by Computer Weekly.

Skelton said that although a Web Graffiti director had spoken on the phone to the Netcetera helpdesk, he had failed to explain the problem properly.

Web Graffiti did not fill in a fault report form, and, as a result, the problem was not followed up, Skelton said.

Read more on Privacy and data protection