Status
Not open for further replies.
I also see from the MyBroadband article (http://mybroadband.co.za/news/adsl/180662-adsl-usernames-and-passwords-leaked-online.html) that apparently there was...

... an online leak of usernames, passwords, email addresses, and full names in June 2016.

I just went back through my email to re-read the one that CrystalWeb sent me on 24th June 2016 that presumably relates to the hack mentioned in the quote above. Here is an excerpt...

In our continued efforts to remain pro-active in areas relating to your security, we have amended your password accordingly.

DSL username: ********** New Password: *********

If you make use of our portal, your password for that has been changed to: *********

This action was taken as a precautionary measure after suspicious activity was detected at a service provider utilised by Crystal Web. ...

...

...

We can assure you that no financial information, such as debit order details or credit card details are at risk at all, and there is no need to be concerned that any such information could be compromised by the provider in any manner, as this data is not stored nor relayed via these providers in any manner.

That email really does not make it at all clear, at least to me, that my full name and email details had been leaked to a third party. It's all very well you (CW) talking about believing in open communication but if the June hack was as described in the MyBroadband article then I'm afraid you really did fail to communicate exactly what happened.

Is the article inaccurate or did my personal details really get stolen in June and you (CW) failed to tell me about this?

- Julian
 
The online data leak from a few months back contained PPPoE username, PPPoE password, name and email address. That list contains 9 unique last names for 'Julian', in case that interests you.
 
I'm skeptical that a Sophos device can be had for R4k or less. At first I thought the Sophos SG 115 UTM small desktop is what I would want, but that costs hundreds of dollars.

From the YouTube videos I've seen on UniFi gateways, the interface and functionality look pretty damn good. Very in-depth analysis of users and usage, stretching back as far as the device has been in operation and with the same slick presentation typical of other Ubiquiti products. And of course a nice overview of the current state of the network on the landing page.

I just went to find out and the smallest SG 105 is $358 = R4800.

So yeah, if the UniFi stuff offers the same features at that level it's not bad at all.

SG 115 is $479.
 
Square Meterage?

Centrally mounted?

Yes, central. I'm guessing coverage is around... 1200 square meters.
Haven't been to the far corners of my stand so not 100% sure. (1400sqm plot)
 
@CW Rep if you still exist... Were cellphone numbers leaked by any chance? Just had a call from 011 035 4601 offering me LTE Uncapped from Telkom but they did not sound like a call desk and were very interested in the fact that my ISP is CW. The tinfoil hat part of me suspects that they are phoning around verifying the leaked data. Thankfully, no banking details were given...

*edit*

http://www.tellows.co.za/num/0110354601
 
Nope. No cell data.

Only DSL username and password. No email or phone numbers.

Also no further leaks of the personal data that was promised.
 
Email addresses and names were also leaked a few months ago. This data has been used by/sold to South African advertisement agencies. Since the leak, my email address (which is unique for Crystal Web and on a .com domain, so not South Africa specific) has been spammed with a lot of South Africa-specific spam, in particular South African loans.
 
Yes, central. I'm guessing coverage is around... 1200 square meters.
Haven't been to the far corners of my stand so not 100% sure. (1400sqm plot)

Oh wow that's pretty damn decent.

Ceiling mounted or wall mounted?

Normal A-frame roof?
 
Yes, central. I'm guessing coverage is around... 1200 square meters.
Haven't been to the far corners of my stand so not 100% sure. (1400sqm plot)

As a different option to the UniFi stuff....

I've got 2 OpenMesh OM2P-HSv2 APs in my house. I have full 5 bar coverage over the whole house and about 10m around the house, and I have decent 3 bar signal across my entire 1700sqm plot.

Seems as if the APs are $95 each atm from www.open-mesh.com
 
Email addresses and names were also leaked a few months ago. This data has been used by/sold to South African advertisement agencies. Since the leak, my email address (which is unique for Crystal Web and on a .com domain, so not South Africa specific) has been spammed with a lot of South Africa-specific spam, in particular South African loans.

Indeed.

What I find interesting however is the data in the latest leak...

My details were in the leak on the 23rd of June. I updated my password on the 25th of June. However my details were not in the latest round of leaks while others' were. Even their updated password from the previous leak.

Very interesting. I can only think that it was another upstream provider that was hacked. OR it was, again, IndigoVision that still retained some CW data on their servers and they failed - after being told - to securely salt and hash the data.

This leak only had usernames and passwords as well. As you rightly say the previous had names and emails too.

Really strange. Wish I had more knowledge on infrastructure to guess where this came from.

Oh well.

I'm still a CW customer and unless they rightfully cock up in some gigantic way... I'll stick around for the performance. I honestly don't get better ping and speed anywhere else.

Hope they plug all the holes though.
 
I.e. my password that they sent after the 23 June hack was in there. I guess it was a combo of old and new data, basically the newest data they had for any and all accounts.
 
As a different option to the UniFi stuff....

I've got 2 OpenMesh OM2P-HSv2 APs in my house. I have full 5 bar coverage over the whole house and about 10m around the house, and I have decent 3 bar signal across my entire 1700sqm plot.

Seems as if the APs are $95 each atm from www.open-mesh.com

Do you guys realise that Crystal Web actually sells a mesh solution on their site now?

1x AirTies 4920 - R1599
3x AirTies 4920 - R4699

They look nice:
http://www.airties.com/product-4920.html
 
My details were in the leak on the 23rd of June. I updated my password on the 25th of June. However my details were not in the latest round of leaks while others' were. Even their updated password from the previous leak.

That's interesting. This means that whoever leaked the data either didn't have access to information about all user accounts or they chose not to leak everything, possibly to obfuscate where the data came from.

If the data is incomplete because they didn't have access to all of it, I really have to wonder what the source is then. Literally the only place I've used my username and password is with PPPoE for actually connecting to the internet. The one time I wanted to use the portal (to change my password), there was no portal. Since I've only used my username/password for the very basic, that is normal internet login, they obviously didn't obtain the usernames and passwords from anywhere I provided the username and password to, which can only mean that the source is one of 4 possibilities:
1) Information obtained from Telkom's network during PPPoE login.
2) Telkom passing this information on to a third party, who then had the data stolen.
3) Obtained directly from Crystal Web.
4) Crystal Web passing this information on to a third party, who then had the data stolen.

Option 1 would explain why only a subset of the data was leaked, especially if data capturing only happened for a limited amount of time. In that case only anyone who established internet connectivity in the time frame would have had their data stolen.

Option 2 seems very unlikely to me and wouldn't explain the partial data set.

Option 3 is not impossible, but in that case, why is the data set partial?

Option 4 is certainly possible, but then the question is who Crystal Web shares this information with, why they share it and why they shared only a subset?

Of course, if the data set isn't complete due to the leaker wanting to create a distraction, then everything is possible.
 