Crystal Web suffers ADSL security breach

So sounds like an email went through to the wrong person via email, who either forwarded or published himself?
So guess it is fairly easy to pinpoint the individual or at least get close to him/her?
 
Worrying that such a thing was allowed onto a public server, but their response to the incident is precisely what I would expect.
They were notified, they pulled the entire portal site down, and they're changing DSL passwords and notifying all customers of this rather than trying to hide it.
 
There's no truth to the rumour that it was Multichoice... the information would not help them to spy on any citizens!
 
ToxicBunny said:
Worrying that such a thing was allowed onto a public server, but their response to the incident is precisely what I would expect.
They were notified, they pulled the entire portal site down, and they're changing DSL passwords and notifying all customers of this rather than trying to hide it.
Click to expand...
Which major mobile operator was that again? The red one?
 
Shame, poor CW they finally get an article on MyBB and it's about a security breach :(
 
Crystal Web CEO Shaun Kaplan said the “old DSL username and password list” was intended for admins and developers to test portal connectivity with.

Once the list was found to be exposed, it was removed from the ISP’s servers and potential security breaches were investigated.
Click to expand...

This should never have happened from the start, but at least no personal identifiable information was linked, so this is okay, at least.
 
Fudzy said:
Aren't usernames usually [email protected]?
Click to expand...

Usernames can be anything before the realm name (@crystalweb.co.za for example). It's passwords that are unique and should not be 1122, for example.

So once we realised some passwords for DSL accounts had been disclosed, we changed them to prevent any potential issues and shut the door on this being able to happen again. For us it's really just a case of saying there was a list available on the portal, and we don't consider accessing it as hacking as it's our fault, and proactively solving the problem before it becomes one...
 
DJ... said:
Completely agreed...
Click to expand...

At least you guys acted immediately. You prevented any further potential losses and did not try to cover anything up. Although I am not a client, I do have respect for that.
 
DJ... said:
Usernames can be anything before the realm name (@crystalweb.co.za for example). It's passwords that are unique and should not be 1122, for example.

So once we realised some passwords for DSL accounts had been disclosed, we changed them to prevent any potential issues and shut the door on this being able to happen again. For us it's really just a case of saying there was a list available on the portal, and we don't consider accessing it as hacking as it's our fault, and proactively solving the problem before it becomes one...
Click to expand...

LOL at the 1122 example!!!

As a customer I would not be happy, but I have respect for the fact that you are upfront with the info and that you are accepting responsibility.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X