The hacker group gained access, via a third party, to Bell Canada servers and took usernames, passwords, email addresses and partial credit card details for over 20,000 customers.
NullCrew hackers revealed the attack weeks ago, and made the data release public on Saturday. The site hosting the data release is now offline, but some security researchers and likely some attackers managed to download it first.
The blogger behind DataBreaches.net interviewed the hackers, and has been shown screenshots of conversations and of the hacking process that corroborate their claims that they had access to Bell’s server for months, and that they had (unsuccessfully) tried to inform Bell of it and of the vulnerability that allowed them to mount an SQL injection against the company’s protection management login page.
After an investigation, Bell Canada confirmed the information compromise, but said the servers in question are not theirs.
“Bell today announced that 22,421 user names and passwords and 5 valid credit card numbers of Bell small-business customers were posted on the Internet this weekend. The posting results from illegal hacking of an Ottawa-based third-party supplier’s information technology system,” the company said Sunday.
“In line with our strict privacy and security policies, Bell is contacting affected small business customers, has disabled all affected passwords, and has informed appropriate credit card companies. We continue to work with the supplier as well as law enforcement and government security officials to investigate the matter. Bell’s own network and IT systems were not impacted.”
NullCrew said it was Bell’s own servers that got hacked, but the company said the servers belong to a third-party supplier.