South African ISP suffers massive password leak online

quovadis

Executive Member
Joined
Sep 10, 2004
Messages
7,309
Are these guys still forcing users to register and log into their portal with no SSL?
 

Jings

Treasure Maker
Joined
Mar 6, 2012
Messages
39,153
If usernames, passwords, email addresses, and full names have been leaked, how can Crystal Web say no personal information was exposed? The hacker now possesses full names and e-mail addresses of 5400 clients.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
78,902
All passwords were changed as soon as evidence of the leak became apparent...

The "no exposed" thing was part of the other breach on the portal, last year.
 

bwana

MyBroadband
Super Moderator
Joined
Feb 23, 2005
Messages
86,431
If usernames, passwords, email addresses, and full names have been leaked, how can Crystal Web say no personal information was exposed? The hacker now possesses full names and e-mail addresses of 5400 clients.

That might have been in reference to a previous security breach last year?
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
16,581
I got a PM from Hades too. Interestingly, my email address field was blank in that list of customers. Is that why I never received the email containing my new password?
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
58,840
Standard OpenWeb function... :p

Second article I've ever read about CW on MyBB, and it has to be bad news...
 

Jings

Treasure Maker
Joined
Mar 6, 2012
Messages
39,153
That might have been in reference to a previous security breach last year?

In that case the article is badly written because it gives the impression the leak is current. First paragraph:

The usernames, passwords, email addresses, and full names of Crystal Web’s customers have been leaked online.

The leaked list was posted online by a person who goes by “~hades”, and contained just over 5,400 sets of details of Crystal Web clients.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
78,902
I got a PM from Hades too. Interestingly, my email address field was blank in that list of customers. Is that why I never received the email containing my new password?

Interesting. He went to you, to MyBB, but not to Crystal Web themselves?
 

bwana

MyBroadband
Super Moderator
Joined
Feb 23, 2005
Messages
86,431
In that case the article is badly written because it gives the impression the leak is current. First paragraph:

Not really:

The user base leak follows a DSL username and password breach on Crystal Web’s online portal in November 2015.

No personal information was exposed and the breach was patched, said Crystal Web at the time.

Perhaps they could lose the paragraph break though.
 

Sinbad

Honorary Master
Joined
Jun 5, 2006
Messages
78,902
Hardly a conflation. If my e-mail address and full name were leaked online, I'd be pretty pissed off as a client.

Imagine how the CW staff feel. This was a service provider who was compromised before their company even started...
 

bwana

MyBroadband
Super Moderator
Joined
Feb 23, 2005
Messages
86,431
I got a PM from Hades too. Interestingly, my email address field was blank in that list of customers. Is that why I never received the email containing my new password?

How did he know to contact you directly? :confused:
 

Bryn

Doubleplusgood
Joined
Oct 29, 2010
Messages
16,581
Interesting. He went to you, to MyBB, but not to Crystal Web themselves?

I'd be surprised if DJ wasn't also PM'd. The hades guy must have regarded that as due diligence with regard to notifying CW.
 