BreachExchange mailing list archives
ComNet Telecom a victim of hacking
From: Erica Absetz <erica () riskbasedsecurity com>
Date: Mon, 24 Jun 2013 10:29:44 -0500
http://www.scmp.com/news/hong-kong/article/1264660/comnet-telecom-victim-hacking Police have launched a probe into a cyberattack against a telecommunications firm in which more than 2,500 customers' data was stolen. The official website of ComNet Telecom (HK) Limited was found to have been hacked during a regular cyberpatrol by Commercial Crime Bureau officers on Tuesday. The firm, a subsidiary of Hong Kong-listed CITIC Telecom International Holdings, which has close ties to Beijing, provides fixed-line and IDD services. Customers' personal information - including names, e-mail addresses, login names and encrypted PINs - was stolen and transferred to an overseas website. The English-language website had a Twitter post by "TeamBerserk" on June 12 announcing the hack and data leak involving 2,583 accounts. A police source said the motive behind the cyberattack was still being investigated. No arrests have been made and no financial losses have been reported by customers. The source said the case had no apparent connections to the furore surrounding leaks concerning US network surveillance by Edward Snowden. Officers are investigating why and how the data theft happened. Last night, ComNet's website was under maintenance, with a message saying it would resume soon. The sites for ComNet in Taiwan and ComNet in Singapore were not affected. A police spokesman said last night ComNet had not found any sign of attack in its telecommunications system. A spokesman for ComNet said police had told it about the cyberattack but it had not received many customer inquiries about the leaks. He said the firm had taken a series of remedial security measures. It had warned customers to change their passwords as a precaution. The Privacy Commissioner has been notified and ComNet will maintain close contact with police. Charles Mok, the lawmaker representing the information technology sector, said he did not believe the incident was connected to the Snowden allegations. He had heard of someone claiming on a hacker website that they had successfully hacked a telecommunications firm and uploaded more than 2,500 customers' data. Lawmaker James To Kun-sun, deputy chairman of the Legislative Council security panel, said the case was serious. He suggested it was important to find out if the company had been providing ordinary telecom services or secured data services. _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss-discuss Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- ComNet Telecom a victim of hacking Erica Absetz (Jun 24)