IS says MWEB security breach ‘not a hack’
IS said in a press statement today that according to their log files there is no clear indication that the site was hacked, but that an authorized username and password was used to access the system.
Internet Solutions’ Sean Nourse, Executive of their Connectivity Business, explained that the person logged into the system using an existing ‘admin’ username and password, and that the rights of this user were restricted to the information published online.
“The user did attempt various SQL injections, but this was only after successful login,” says Prenesh Padayachee, Chief Technology Officer at Internet Solutions. “There were no failed login attempts,” he adds.
Padayachee adds that no other clients’ personal information, like email addresses and telephone numbers, was accessed during the security breach.
It is currently not clear how the person responsible for the security breach got hold of the admin username and password, but IS is investigating the issue.
The breach resulted in a number of MWEB business DSL customers’ usernames and passwords being made publicly available. IS has since been working closely with MWEB to re-provision security on the affected system and to monitor for unusual activity.
“Additional security has been put in place to further enhance security,” says Padayachee. “Internet Solutions is working closely with MWEB to ensure the continued functioning of the service in a robust fashion whilst these services are being migrated onto different systems,” he concludes.
IS and MWEB security breach << Comments and views