Web Africa data theft issue

thisgeek

On the 5th October 14.5gb of my international bandwidth bundle was stolen.
No, it was not some runaway process or virus on any of my machines, and I know this because I shut down every machine on my home network at 8am before I left for work - except for my firewall and my modem.

I first realised something was up when I received a 1gb remaining sms notice from WA at 14h35. Unfortunately at the time I was traipsing around Sandton City sorting something out. Then I received a notice at 14h53 that my account had reached its usage limit.

I had just returned to my office, so I logged on to my WA control panel to see the following:

Total downloaded: 17 706 208 162 bytes 16.49 GB
Hour -- Bytes -- Used -- Usage
00:00 - 01:00 -- 2 352 942 bytes -- 2.24 MB <-- Went to bed
01:00 - 02:00 -- 133 726 585 bytes -- 127.53 MB
02:00 - 03:00 -- 1 211 189 327 bytes -- 1.13 GB <-- Theft starts
03:00 - 04:00 -- 1 215 020 662 bytes -- 1.13 GB
04:00 - 05:00 -- 1 126 840 445 bytes -- 1.05 GB
05:00 - 06:00 -- 2 229 658 351 bytes -- 2.08 GB
06:00 - 07:00 -- 1 068 917 281 bytes -- 1 019.40 MB
07:00 - 08:00 -- 1 098 426 858 bytes -- 1.02 GB
08:00 - 09:00 -- 1 083 808 969 bytes -- 1.01 GB <-- Shut down everything and went to work
09:00 - 10:00 -- 1 141 984 834 bytes -- 1.06 GB
10:00 - 11:00 -- 1 035 683 207 bytes -- 987.70 MB
11:00 - 12:00 -- 1 084 700 629 bytes -- 1.01 GB
12:00 - 13:00 -- 1 030 938 223 bytes -- 983.18 MB
13:00 - 14:00 -- 1 006 167 313 bytes -- 959.56 MB
14:00 - 15:00 -- 1 264 607 785 bytes -- 1.18 GB
15:00 - 16:00 -- 312 987 773 bytes -- 298.49 MB
16:00 - 17:00 -- 924 540 747 bytes -- 881.71 MB
17:00 - 18:00 -- 734 655 400 bytes -- 700.62 MB
18:00 - 19:00 -- 831 bytes -- 0 MB

I logged a ticket with WA support, and then a few minutes later I phoned the help desk, because I was concerned, and the woman I spoke to said she would log a ticket with development for further investigation, which she did.

When I got home, I went through my firewall logs and transparent proxy logs. By my calculations, the only data that had been downloaded through my connection was a whole 208mb. Nowhere was there any indication of further downloads. My firewall did not indicate any odd connections going through it (I do not use torrent). There was no way that any of my equipment used that data.

I ordered an uncapped service from another ISP (not mweb) and logged in to it. Strange how over the course of three days following, I think I used a whole 20mb of data, despite not having changed a thing on my network. So obviously the data usage did not occur from my side.

When I requested a follow up from WA, I received a note that I am not the only one that has experienced this problem, however I have not heard a thing since.

My WA control panel did not indicate any connections other than my line, either, although I did notice a lot of odd line ports and phone numbers showing up in my control panel.

Then it occurred to me that this is not the first time that I have had data theft. On the 30th July I also had an incident where my bandwidth got wiped out in a matter of hours, however I blamed it on Steam and a steamwatch malfunction (Which is really odd, since steamwatch had operated perfectly before that, and subsequently). I also logged a ticket with WA at the time that I have never had a satisfactory response to, other than arguments that Steam data is no longer free (although I pointed out some WA forum posts that indicated otherwise).

So now with the 5th October incident, I went back through my connection history in my WA control panel, to discover that on the 30th July, all those funky line numbers that were showing up in my control panel had been connected to my account.

What is interesting is that I am the only one, apart from WA and possibly their upstream providers that know my connection details - so how did these people get my account details? It was definitely NOT from me.

Obviously now the theft is getting more sophisticated, as there is no indication that anybody else is using the line, which would point fingers at someone who has the ability to manipulate the database information. I'm just speculating here.

I'm also guessing that my account is a SAIX account, and data theft from SAIX accounts is not unheard of.

But my biggest problem is that I am not getting much joy out of WA regarding this.

So far I'm very happy with my uncapped account, and it is costing me less than I pay for all the data I use over a month with WA, so at this point I don't think I'll be keeping my accounts with WA, despite being a loyal customer for several years. Especially if I can expect data theft to occur.
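
The cross-check described in the post above (ISP-accounted usage against what the local firewall and proxy logged), as an added example that is not part of the original post. The hourly rows are the ones quoted in the post; `LOCAL_BYTES` is a constructed per-hour breakdown summing to the 208 MB the poster reports, and the `slack` and `floor` thresholds are assumptions.

```python
import re

# ISP control-panel rows, copied from the post above (annotations included).
ISP_USAGE = """\
Total downloaded: 17 706 208 162 bytes 16.49 GB
00:00 - 01:00 -- 2 352 942 bytes -- 2.24 MB <-- Went to bed
01:00 - 02:00 -- 133 726 585 bytes -- 127.53 MB
02:00 - 03:00 -- 1 211 189 327 bytes -- 1.13 GB <-- Theft starts
03:00 - 04:00 -- 1 215 020 662 bytes -- 1.13 GB
04:00 - 05:00 -- 1 126 840 445 bytes -- 1.05 GB
05:00 - 06:00 -- 2 229 658 351 bytes -- 2.08 GB
06:00 - 07:00 -- 1 068 917 281 bytes -- 1 019.40 MB
07:00 - 08:00 -- 1 098 426 858 bytes -- 1.02 GB
08:00 - 09:00 -- 1 083 808 969 bytes -- 1.01 GB <-- Shut down everything and went to work
09:00 - 10:00 -- 1 141 984 834 bytes -- 1.06 GB
10:00 - 11:00 -- 1 035 683 207 bytes -- 987.70 MB
11:00 - 12:00 -- 1 084 700 629 bytes -- 1.01 GB
12:00 - 13:00 -- 1 030 938 223 bytes -- 983.18 MB
13:00 - 14:00 -- 1 006 167 313 bytes -- 959.56 MB
14:00 - 15:00 -- 1 264 607 785 bytes -- 1.18 GB
15:00 - 16:00 -- 312 987 773 bytes -- 298.49 MB
16:00 - 17:00 -- 924 540 747 bytes -- 881.71 MB
17:00 - 18:00 -- 734 655 400 bytes -- 700.62 MB
18:00 - 19:00 -- 831 bytes -- 0 MB
"""
# Constructed sample: bytes per hour seen by the local firewall (unlisted hours = 0).
LOCAL_BYTES = {0: 2_300_000, 1: 131_000_000, 2: 20_000_000, 7: 64_803_808}
ROW = re.compile(r"^(\d{2}):00 - \d{2}:00 -- ([\d ]+) bytes")
TOTAL = re.compile(r"^Total downloaded: ([\d ]+) bytes")

def parse_usage(text):
    """Return (stated_total, {hour: bytes}) from the control-panel text."""
    stated, hourly = None, {}
    for line in text.splitlines():
        if m := TOTAL.match(line):
            stated = int(m.group(1).replace(" ", ""))
        elif m := ROW.match(line):
            hourly[int(m.group(1))] = int(m.group(2).replace(" ", ""))
    return stated, hourly

def reconcile(hourly, local, slack=1.5, floor=10 * 1024**2):
    """Map hour -> unexplained bytes where ISP usage exceeds floor and slack x local."""
    return {h: b - local.get(h, 0) for h, b in sorted(hourly.items())
            if b > floor and b > slack * local.get(h, 0)}

if __name__ == "__main__":
    stated, hourly = parse_usage(ISP_USAGE)
    gaps = reconcile(hourly, LOCAL_BYTES)
    print(sum(hourly.values()) == stated, sorted(gaps), sum(gaps.values()))
```

The hourly rows sum exactly to the stated total, so the panel is internally consistent; the discrepancy is between the ISP's accounting and the local counters, which is why the per-session view (line ports and calling numbers) is the next thing to check.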
 
Hi thisgeek

Thank you for taking the time to bring this matter to our attention.

This is of great concern to us and it troubles me to hear that this is not the first time you have experienced this problem.

Could you please PM me your contact details and client code, as well as the user name on which the theft occurred?

I would like to investigate this matter for you and try to get to the cause of this problem.

Thank you.
 
ThisGeek is a good friend of mine & I have also had an account with WA for a few years now. It would be good to see him getting some resolution to his problem.
 
I have been in contact with Angelo via PM, and I have had a call from WA with regards to the updated ticket I posted this morning about the 30 July incident.

So far so good.
 
Surely it must be spyware on one of your machines, someone "hacked" your router, or possibly someone gained access to your email address and got the details from there. Possibly if you wrote them down someone found them.

FYI in the WA control panel there is an option to lock your account to your line, so this can't happen (I'm not 100% sure if it works like that though).
 
Obviously you didn't read my OP properly.
 
Hi Guys
We've picked up an issue with how we currently expire and allocate usage at the end of the month.
It basically results in users having some of their "new cap" deducted before the new month.

I've discussed this with the Developers and we have agreed on a method to fix this issue and prevent it moving forward.

In the meantime we've allocated the lost usage to all our users. This should bring the dsl console back in line with the usage that our capping logic is working on. There were 5874 users affected, of which only 1500 had more than 1mb of usage in that time. Most of our users have not noticed this issue as they have not reached their cap yet.

On a side note, we do have some changes going live on the dsl console this month which will cause it to read data from the same place we do our capping logic. This will prevent our dsl console from showing incorrect information moving forward.
 
errr.. how can an allocation error end up showing as usage from multiple phone numbers/line ports??
 
011 463 XXXX - Klaus (want his cell number? lol Serious though)
011 427 XXXX - Fego Caffe, Lakeside Mall, Benoni

Google is your friend.
Wonder if they're iBurst customers as well
 
Question was not answered unfortunately:

1) The issue arose not on the first of the month, but on the 5th.
2) The "capping" and "usage expiration and allocation" logic you speak of does not explain why roughly 15GB got transferred on the OP's account, by your own admission the system by and large doesn't "overflow" by more than 1MB.
3) The OP indicated that the usage seemed to have come from multiple additional ADSL lines, which wasn't addressed.

The developers might be fixing bugs to do with the above, but the bug you're addressing appears to have no correlation to the issue being discussed here.
 
Lol... you should be turning your modem off, and not your pc.
 
there was no firewall left off u banana

:)

 
Hi

I have investigated your account and found that all the bandwidth downloaded on the days in question came from your line.

This information can be viewed by downloading a detailed usage breakdown in the dsl console on the usage tab.

I also suggest that, as an added security measure, you enable DSL Secure on your line as Techrat suggested: http://www.webafrica.co.za/kb/adsl/dsl_secure.html

Thank you.
 
can dsl secure be secure for two lines?

Heya bboy,

Are you referring to DSL Secure being allocated two concurrent connections?
If so, unfortunately this cannot be done. DSL Secure "locks" an account to a specific line. Please let me know if I'm misunderstanding your question here though :)
 
No, you are understanding correctly; I use my account at my house and at my dad's house.
I do see that on my control panel, some number from 021 used my account at some time!
 