Too long; didn’t read? Summary: BT Leak customer Name, e-mail address and mobile number against faults if you know the land line number.
I manage services for many people and came across this little glitch today.
If you raise a fault against a BT Business phone line you get regular status emails.
If you click the option to track your fault online you are taken to a simple URL containing just the phone number as verification. For example:
http://secure.business.bt.com/FaultManagement/Online/TrackYourFault.aspx?dn=01234548884
This then takes you to a page showing very limited information, just if the fault is resolved and the date it was reported.
Clicking the “See details” option then prompts you for your account number to allow you to see further details.
A roadblock for those who don’t have your “personal / business” details.
HOWEVER… I had just been logged into another customer’s BT Business account tracking an order when I decided to check the status of the fault for another customer.
I clicked the tracking link in the e-mail and then clicked the See Details link.. this time, without the other customer’s account number OR BT Business login… I was able to see the details about the fault:
That was curious enough.. but what stunned me next was what appears when I clicked the “See details” under the “Contact Details” column….
It showed name, e-mail address and mobile number of the owner of the phone line with no requirement to prove who you are other than you too are a customer of BT Business and have a login!