August
30th,
2006
O2 closes call records site after security flap | The Register
whenever I read this kind of story it makes me reckon that the victims probably hadn't had a recent Pen. test done, and the kind of URL manipulation described would likely have been picked up by most testers.
However kudos to O2 for admitting the flaw and moving to fix it, instead of taking the line that some organisations seem to take which is to attack the person that found the flaw....