HKT's abuse of ID numbers
9 September 2014
Time to highlight another company which is using the HKID number as an authenticator (password) rather than an identifier. Yes, its HK's dominant land-line company HKT Ltd (6823), a subsidiary of PCCW Ltd (0008). An e-mail came in from the company (you know, that insincere "Dear Valued Customer" bit) saying "Your latest bill is now ready for viewing. To review the bill details, please click HERE". And then it adds:
"In order to protect your privacy, the attached latest bill is protected by password. Please key in the first 6 characters of your identification document number in upper case format (e.g. A12345) to access your bill."
Um, no, HKT, your ID number is NOT a password. It is a government-issued identifier that HK people have been using since it was issued to them (usually when they are 11 years old) and is known to hundreds of firms and thousands of people in HK. If your mail passes through an internet service provider (ISP) server, then your ISP probably knows your ID number too, so anyone who looks at your mail could check your phone bill and (for overseas calls) see where you live and whom you've been calling (local calls are not metered). And incidentally, the bill is not "attached" but linked. When you click the link (which is customised to your account), you get this web page:
Here To Serve? Here To Cut Corners, more like. If information is worth protecting then they should use a proper password known only to the company and the customer, not an identifier. For more articles on this, see our identity cards and numbers topic.
© Webb-site.com, 2014
Organisations in this story
Topics in this story
Sign up for our free newsletter
Recommend Webb-site to a friend
Copyright & disclaimer, Privacy policy