Crystal Web suffers ADSL security breach

[Necropolis]

At least you guys acted immediately. You prevented any further potential losses and did not try to cover anything up. Although I am not a client, I do have respect for that.

Far better to admin when excrement has hit the fan - and tell your customers what you have done in response.

 

[Former member 61586]

Must admit. Not a CW fan. Agree this should not have happened to start with. But am impressed with the way it was handled. The rest of the ISPs can take notes.

 

[Toothless]

In retrospect, this is not really such a big issue, at all. Only a list of username and passwords. Yes, it was on their own server, basically open for 'public access', but still, do not really see it as a 'breach' as much as stupidity. A simple e-mail to clients and providing new passwords, a quick explanation and apology should have done it. A huge news article about a breach - I am not totally convinced.

 

[MickeyD]

In retrospect, this is not really such a big issue, at all. Only a list of username and passwords. Yes, it was on their own server, basically open for 'public access', but still, do not really see it as a 'breach' as much as stupidity. A simple e-mail to clients and providing new passwords, a quick explanation and apology should have done it. A huge news article about a breach - I am not totally convinced.

CW initiated the article with a media release. Kudos to them for transparency.

 

[karnuffel]

In retrospect, this is not really such a big issue, at all. Only a list of username and passwords. Yes, it was on their own server, basically open for 'public access', but still, do not really see it as a 'breach' as much as stupidity. A simple e-mail to clients and providing new passwords, a quick explanation and apology should have done it. A huge news article about a breach - I am not totally convinced.

well if you have usernames then you have something to try password1 against

 

[Bryn]

So glad I cancelled my CW account.

Speak for yourself. I just moved to CW and they're miles better than anything I've had before. Amazing latency and support.

 

[Toothless]

well if you have usernames then you have something to try password1 against

Just go to any bank, any free email services provider, any telecoms portal and try Password1 against any term such as john, pete, smith, jan, koos...

 

[arr0w]

Usernames can be anything before the realm name (@crystalweb.co.za for example). It's passwords that are unique and should not be 1122, for example.

So once we realised some passwords for DSL accounts had been disclosed, we changed them to prevent any potential issues and shut the door on this being able to happen again. For us it's really just a case of saying there was a list available on the portal, and we don't consider accessing it as hacking as it's our fault, and proactively solving the problem before it becomes one...

Aww man. I am conflicted about this. I am rooting for you guys and want you to do well but I am cautious about signing up with you guys now. I was considering moving over to you guys. I guess my only options for an isp are WebAfrica or Vox.

 

[MickeyD]

Aww man. I am conflicted about this. I am rooting for you guys and want you to do well but I am cautious about signing up with you guys now. I was considering moving over to you guys. I guess my only options for an isp are WebAfrica or Vox.

Both were hacked recently... nothing in the media, no?

 

[Toothless]

Both were hacked recently... nothing in the media, no?

True, I'd much rather stick with the honest company who admits to this and informs me what they have done to prevent this. The company who hides this, probably has a lot more to hide.

 

[SykomantiS]

Must be honest, haven't seen any such news. Would be a bummer if it's true.
Link?

 

[karnuffel]

Just go to any bank, any free email services provider, any telecoms portal and try Password1 against any term such as john, pete, smith, jan, koos...

fair but now someone may know what the username is... less guessing I guess. This is if someone got access to the list.....

 

[ToxicBunny]

Must be honest, haven't seen any such news. Would be a bummer if it's true.
Link?

To the CW "breach"?

Try the OP.

 

[SykomantiS]

In fairness, a hack is also from an external attacker - and there does not exist such a thing as an un-hackable system, this CW seems to have been someone on the inside leaking info, knowing or unknowing. Not quite the same, I would think.

 

[Toothless]

To the CW "breach"?

Try the OP.

No, I think he wants links to the Vox and other hacks.

 

[SykomantiS]

To the CW "breach"?

Try the OP.

Try reading. I was referring to a link about Vox being hacked.

 

[arr0w]

Both were hacked recently... nothing in the media, no?

Oh wow I wasnt aware of that. Why are people hacking adsl account information?

Does an ISP keep a log of every website visited?
Do ISPs record all activity of a user?

How does a hacker benefit from this?

 

[karnuffel]

Oh wow I wasnt aware of that. Why are people hacking adsl account information?

Does an ISP keep a log of every website visited?
Do ISPs record all activity of a user?

How does a hacker benefit from this?

free access maybe?

 

[arr0w]

free access maybe?

Maybe the hacker was an anti piracy organisation or government?

 

[MickeyD]

In fairness, a hack is also from an external attacker - and there does not exist such a thing as an un-hackable system, this CW seems to have been someone on the inside leaking info, knowing or unknowing. Not quite the same, I would think.

Define "leaking info". You make it sound as if it was a malicious act, which I don't read in the article.