SauRoNZA
Honorary Master
This is all new information...after the old one got shutdown.
-
Join the MyBroadband community
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
-
Question of the Day: If you were buying a TV today, which brand would you choose?
Crystal Web ADSL performance feedback thread Part 3...
- Thread starter Crystal Web Support
- Start date
- Status
This is all new information...after the old one got shutdown.
Ho3n3r
Honorary Master
He's referring to the method applied, which was probably the same method as used before. You can get current information with the same method, if it's a database query or something, with compromised credentials.
SauRoNZA
Honorary Master
Yah but that means CW was lying to us...
They claimed the hack happened at a third party which had accumulated the data. That third party was allegedly cut off from their services and then passwords were reset.
So what's the truth really?
CataclysmZA
Executive Member
- Joined
- Apr 1, 2010
- Messages
- 5,595
- Reaction score
- 1,613
Yup. The thing that is new is the name left to credit the hack, and the following:
by the South African Post Office
Still to come: banking details, addresses, ID numbers and more
media? [email protected]
... was at the top of the paste. The paste's name is also "Crystal Web - Strike 3".
Edit: Here's a comforting thought - CW doesn't host mail inboxes using your DSL username. That would have been a disaster if those services were in place.
Last edited:
Icemanbrfc
Honorary Master
It depends how it was hacked, and if the method used, was exactly the same as the previous times. If it is the same method, then there is somewhere an issue still on the CW side.
One would assume that, because its a 3rd time, that the person/s could be an employee or an ex one who knows the system?
Hopefully CW rep dude will be on shortly to explain what is happening
SauRoNZA
Honorary Master
In my opinion if something like this happens twice in the same manner...then it's negligence on CW's part.
Then I feel the hacker is almost justified in proving his point.
Ho3n3r
Honorary Master
I don't know what they said, I just know it's data from 23 June or later, because that's when my password was last changed due to the previous hack, and it's on there.
Ho3n3r
Honorary Master
Fully agreed. And I just told Live Support as much.
Interestingly, they weren't aware of it yet.
msquared
Expert Member
I was on the old hack list but I left CW for another "he who should not be named" about October last year. I joined CW again July. I never got a mail. Maybe the hack took place months again and he was sitting on the info?
Icemanbrfc
Honorary Master
For sure, but we still dont know if the system was hacked along the same path, or if this was a completely different entry.
If it was a different method, along a completely different path within the CW systems, then that is a big concern.
I would assume, that the previous holes were patched, but if it was, and they still got through, then that will be a concern.
Ho3n3r
Honorary Master
By July, you mean 1 July?
If so, that narrows the timeline down to between 23rd and 30th of June...
Icemanbrfc
Honorary Master
Did you change your password, immediately after CW changed it? Or did you leave it as is? If you did change, and this current list still shows the password CW changed it to, then could this be more a warning, rather than current passwords?
msquared
Expert Member
It would have been the start of the month
Ho3n3r
Honorary Master
I didn't change it because they already changed it, so I saw no need.
Ho3n3r
Honorary Master
I hope CrystalWeb appreciates the seriousness of this. Whilst I can understand that stuff like that happens, twice in 3 months is a bit uncalled for. I wasn't concerned at all after the first time, but now the alarm bells are ringing.
CataclysmZA
Executive Member
- Joined
- Apr 1, 2010
- Messages
- 5,595
- Reaction score
- 1,613
While a lot of the passwords are randomly generated, some are user-chosen. So, probably not.
Edit: Support is swamped this morning with password change requests and such. My guy is probably running between 10 conversations now.
Last edited:
requiem
Expert Member
- Joined
- May 10, 2009
- Messages
- 4,070
- Reaction score
- 1,161
I am quite sure CW defended the last hack claiming some third party provider was compromised.
Then CW promised they have dealt with it - and we will be suprised to hear who else got hacked.
They were lambasted for storing passwords in plain text, they promised this will not be the case going forward.
Good intentions are all fine and well, but take for example my brother (stupidly) uses the same password for his online banking as with CW. Have now educated him on this.
All in all this is a very very poor showing by CW.
I will have to dig up previous communication - but this is how I remember events.
Then CW promised they have dealt with it - and we will be suprised to hear who else got hacked.
They were lambasted for storing passwords in plain text, they promised this will not be the case going forward.
Good intentions are all fine and well, but take for example my brother (stupidly) uses the same password for his online banking as with CW. Have now educated him on this.
All in all this is a very very poor showing by CW.
I will have to dig up previous communication - but this is how I remember events.
AfricanTech
Honorary Master
No the hacker is not justified.
A whitehat would inform CW with respect to the vulnerability found not spread fear, uncertainty and doubt.
I was told they do not have the ability to change the password to a password of my choice when I asked this morning. The new password was randomly generated and sent to me via SMS.
CataclysmZA
Executive Member
- Joined
- Apr 1, 2010
- Messages
- 5,595
- Reaction score
- 1,613
And I was told that I'd have to be manually moved over to the new infrastructure before getting a new password. So it's quite possible that the passwords that have been leaked are all from the old infrastructure, because it was still possible to specify your own password back then, IIRC.
- Status