MyBroadband has received information that MWEB Business ADSL’s database, which contains usernames, passwords and other personal information, has been hacked.
A message by the hacker, calling himself ‘Louis McCarty,’ was published on the website Seclists (which hosts archives of the “Full Disclosure mailing list”). The hacker did not have good things to say about the MWEB systems.
“Another day another pwn. You can see how they run things on negrolands. ISP sekuritY = unskilled noob team + broken webfrontends (made in india) + missing server certificates + high dsl prices. Millionaire douchebags get 4mbit fiber and the rest is fckd :(,” the hacker said.
The message published on Seclist contains over 2,000 entries of accounts with details such as ADSL account names and passwords, line speeds and subscriber names.
MWEB Business said that they are currently investigating the apparent security breach, and initial feedback suggests that information is only for part of the Business ADSL base that has not yet been migrated to the MWEB network from Internet Solutions.
According to feedback from one industry player it is in fact Internet Solutions’ provisioning system which has been compromised which resulted in some MWEB Business’ ADSL accounts details, which are still hosted with IS, being revealed. This could however not be confirmed immediately.
“We see this breach in a very serious light and will do all to safeguard our subscribers and their information. The initial indication is that only the ADSL authentication usernames and passwords have been compromised. No other data were compromised. We are still investigating further and will let our subscriber know shortly what actions we have taken. The accounts involved have a single log-on enabled and are uncapped account. Risk to the end user is limited. We are working with Internet Solutions to reslove the matter” an MWEB spokesperson said.
MWEB promised that as soon as they receive conclusive feedback about the apparent security breach they will provide more in-depth information.
“The interface provided by Internet Solutions to provision and manage our customers on their ADSL network was compromised. This has subsequently been secured. There are less than a thousand customers who are potentially affected by this, as most have already been moved over to our own IPC network during the course of the last few months. We will be contacting these customer to reset their passwords, as an added security measure,” MWEB said in an official statement.
MWEB Business ADSL hacked << Discussion