ComNet Telecom a victim of hacking

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.scmp.com/news/hong-kong/article/1264660/comnet-telecom-victim-hacking

Police have launched a probe into a cyberattack against a
telecommunications firm in which more than 2,500 customers' data was
stolen.

The official website of ComNet Telecom (HK) Limited was found to have
been hacked during a regular cyberpatrol by Commercial Crime Bureau
officers on Tuesday.

The firm, a subsidiary of Hong Kong-listed CITIC Telecom International
Holdings, which has close ties to Beijing, provides fixed-line and IDD
services.

Customers' personal information - including names, e-mail addresses,
login names and encrypted PINs - was stolen and transferred to an
overseas website.

The English-language website had a Twitter post by "TeamBerserk" on
June 12 announcing the hack and data leak involving 2,583 accounts.

A police source said the motive behind the cyberattack was still being
investigated.

No arrests have been made and no financial losses have been reported
by customers.

The source said the case had no apparent connections to the furore
surrounding leaks concerning US network surveillance by Edward
Snowden.

Officers are investigating why and how the data theft happened.

Last night, ComNet's website was under maintenance, with a message
saying it would resume soon. The sites for ComNet in Taiwan and ComNet
in Singapore were not affected.

A police spokesman said last night ComNet had not found any sign of
attack in its telecommunications system.

A spokesman for ComNet said police had told it about the cyberattack
but it had not received many customer inquiries about the leaks.

He said the firm had taken a series of remedial security measures. It
had warned customers to change their passwords as a precaution.

The Privacy Commissioner has been notified and ComNet will maintain
close contact with police.

Charles Mok, the lawmaker representing the information technology
sector, said he did not believe the incident was connected to the
Snowden allegations.

He had heard of someone claiming on a hacker website that they had
successfully hacked a telecommunications firm and uploaded more than
2,500 customers' data.

Lawmaker James To Kun-sun, deputy chairman of the Legislative Council
security panel, said the case was serious.

He suggested it was important to find out if the company had been
providing ordinary telecom services or secured data services.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.