News is spreading that MWEB Business account details are available online after a hacker gained access to the info
MyBroadband has received information that MWEB Business ADSL’s database, which contains usernames, passwords and other personal information, has been hacked.
A message by the hacker, calling himself ‘Louis McCarty,’ was published on the website Seclists (which hosts archives of the “Full Disclosure mailing list”). The hacker did not have good things to say about the MWEB systems.
“Another day another pwn. You can see how they run things on negrolands. ISP sekuritY = unskilled noob team + broken webfrontends (made in india) + missing server certificates + high dsl prices. Millionaire douchebags get 4mbit fiber and the rest is fckd ,” the hacker said.
The message published on Seclist contains over 2,000 entries of accounts with details such as ADSL account names and passwords, line speeds and subscriber names.
MWEB Business said that they are currently investigating the apparent security breach.
MWEB promised that as soon as they receive conclusive feedback about the apparent security breach they will provide more in-depth information.
You may have heard or read in the media that an MWEB system was "hacked" and some user account information was compromised in the process. The system in question is a web interface provided by Internet Solutions, that is used to provision and manage a small group of customers on their ADSL network. This vulnerability has subsequently been secured.
Please note that there are less than a thousand customers who are potentially affected by this and if you are one of the affected users we will be contacting you to assist with the reset of your ADSL password, as an added security measure. Also note that most of our Business ADSL customers have already been moved over to our own ADSL IPC network during the course of the last few months.
Even though this was a low-risk event please be assured that we take the security of our networks and systems very seriously. If you have any further concerns or questions about this incident please feel free to contact us.
"Please note that there are less than a thousand customers who are potentially affected by this and if you are one of the affected users we will be contacting you to assist with the reset of your ADSL password"
Now how exactly would you know if you're one the affected users?
so must those of us using IS be contacting them and check our own?
"Integrity" and "integer" both contain a Latin root meaning "whole; complete." The root sense, then, is that people may be said to be acting with integrity when their beliefs, words, and actions have a sense of unity or wholeness.
I don't know how this could possibly be a low risk breach. If you use the same password for your adsl and email accounts, your email account details are currently floating about somewhere on the internet with some other bits of personal data.