The usernames, passwords, email addresses, and full names of Crystal Web’s customers have been leaked online.
The leaked list was posted online by a person who goes by “~hades”, and contained just over 5,400 sets of details of Crystal Web clients.
In an email to customers, Crystal Web said that “suspicious activity was detected at a service provider”, and that their usernames and passwords had been changed as a result of the leak.
“Crystal Web has reset all customer passwords as a general security precaution. An investigation into the matter by the security experts at both the provider and their host established that in 2013 a hacker uploaded malicious content to a managed server,” said Crystal Web.
As the investigation was ongoing, it could not disclose the name of the compromised party or how they were impacted.
“We can confirm that this did not take place on the Internet Solutions backbone, nor any system of Dimension Data and their subsidiaries.”
The user base leak follows a DSL username and password breach on Crystal Web’s online portal in November 2015.
No personal information was exposed and the breach was patched, said Crystal Web at the time.