Crystal Web ADSL performance feedback thread Part 3...

[CataclysmZA]

When did you change your password.

then we know ho old the file can be, as said I got my account yesterday, my info is not there.

G

My password was last changed following the previous hack. So we're talking a few months. But I couldn't tell you when the cutoff date for this dump was.

 

[Reaper84]

Can someone send me the list or let me know if my name is on it via pm. Need to know if I must change my password ASAP

 

[Icemanbrfc]

My name is there. As a trial customer only, im more concerned with ID and banking details.

 

[crackersa]

i'm sure CW will change all the passwords (if they haven't already). check your mail and spam folders for communication.

 

[CTBP]

Just 1 question before I decide to sign up, if I find my capped package isn't enough or is too much, can I change mid month and be charged or credited the difference?

 

[Bryn]

Can someone send me the list or let me know if my name is on it via pm. Need to know if I must change my password ASAP

Sure. Drop me a PM if someone hasn't helped you already. Pretty sure everyone is on the list though.

My name is there. As a trial customer only, im more concerned with ID and banking details.

Same. I wonder if more is going to be leaked.

i'm sure CW will change all the passwords (if they haven't already). check your mail and spam folders for communication.

They're pretty snappy about stuff like this. I've had a new password for a while already. Left a ticket when live chat wasn't even available and got an sms shortly thereafter.

 

[Bryn]

Just 1 question before I decide to sign up, if I find my capped package isn't enough or is too much, can I change mid month and be charged or credited the difference?

Yep, you can.

 

[CTBP]

Yep, you can.

Thanks

 

[SauRoNZA]

Also received the PM.

My account is on there with the NEW password which means CW has been hacked AGAIN since the last incident.

Or their support email address that sent them all out is compromised?

 

[Bryn]

The first line of the hacked list:

by the South African Post Office

New job, @PostmanPat?

 

[Ho3n3r]

So perhaps it is trial accounts then.

Wonder why thats not the case with me.

Unless they converted my trial account to a 'standard' one.

Never had a trial account, still got the mail and my CW details are on there.

 

[Icemanbrfc]

The first line of the hacked list:


New job, @PostmanPat?

To be fair, there is a PostmanPot as well

 

[Bryn]

To be fair, there is a PostmanPot as well

But PostmanPat has been on a tirade against CW.

 

[Ho3n3r]

Also received the PM.

My account is on there with the NEW password which means CW has been hacked AGAIN since the last incident.

Or their support email address that sent them all out is compromised?

Confirmed. My new password(from the June 23 mail) is on there. I assume they will change everyone's passwords again this time.

 

[Icemanbrfc]

But PostmanPat has been on a tirade against CW.

Aah i see. Well i just hope that CW peeps are on it already. Bit concerning that its happened again.

 

[SauRoNZA]

Official Crystal Web ADSL performance feedback thread Part 3...

Confirmed. My new password(from the June 23 mail) is on there. I assume they will change everyone's passwords again this time.

Yeah I honestly can't decide now if CW is just piss poor at this or if someone is really going after them.

I mean this is the THIRD time now, surely at some point you take it seriously enough as a company to plug all holes?


Could this be a dump of their Radius server?

 

[CataclysmZA]

i'm sure CW will change all the passwords (if they haven't already). check your mail and spam folders for communication.

Just to note, I haven't been given a new password yet. Heading off to support to do it now. They're probably taking their time with this to make sure they're not opening themselves up to a second-wave attack.

My account is on there with the NEW password which means CW has been hacked AGAIN since the last incident.

Or their support email address that sent them all out is compromised?

No, this is probably the old service provider that they used for the portal last time getting compromised the same way. The dumped data, and the service used for the paste, implies that it's all done by the same person in the same way.

 

[Ho3n3r]

Yeah I honestly can't decide now if CW is just piss poor at this or if someone is really going after them.

I mean this is the THIRD time now, surely at some point you take it seriously enough as a company to plug all holes?


Could this be a dump of their Radius server?

I'm thinking it's an inside job, perhaps an undercover (insert ISP name here) agent who applied for a job there. It's certainly someone trying to damage their reputation as they're growing pretty fast, and making all the other ISPs look useless, in terms of performance.

 

[SauRoNZA]

Yup, passwords going to have to change again. Very sad to see this happening. Intent is clearly malicious and not constructive in terms of telling the company in private about any security loopholes, allowing them to fix the issue.

Not sure what data they released last time but now they saying they have banking, addresses and ID details. Which taken together is a serious risk for fraud.

I'm not sure CW even have my ID information.

They don't have my bank details that's for sure.

 

[SauRoNZA]

Official Crystal Web ADSL performance feedback thread Part 3...

Why I asked iceman is that we all know he is an Afrihost customer. Him receiving the email points to a current forum member who created a new nick and sent that PM. This is not some random attack.

Why would it need to be an existing member?

You can view this thread without logging in.

It's certainly not random. There I would agree. And the nickname "DJ Stealth" says as much.