On Saturday, hackers from the NullCrew group announced their return with a massive data leakage: tens of thousands of records belonging to Bell Canada customers are released to Internet. The telco has admitted that the data breach has taken place, but denies that its systems have been breached.
"OR Bell announced today that 22.421 passwords and usernames and 5 of the company's customer credit card numbers were posted on thenetwork this weekend," Bell said.
However, the company reports that the data has been obtained from third party partner systems in Ottawa.
"In accordance with its strict privacy and security policies, Bell has been in contact with its hacked customers, has disabled all passwords, and has informed credit card companies. "We will continue to work with the supplier as well as law enforcement to investigate the matter," Bell said.
"Our systems have not been affected. The issue does not affect Bell services or business customers. "
The representatives of the activist group NullCrew they told DataBreaches.net that it's a "pretty ridiculous claim." The hackers said they shared the vulnerability στην Bell Canada, και το γεγονός ότι απέκτησαν πρόσβαση σε πληροφορίες πελατών πριν από two weeks.
A screenshot shows that hackers tried to report the security hole in Bell's customer support, but the technician did not understand what NullCrew members were trying to say.
Hackers insist that the systems that have been infringed belong to Bell and not to a third person. They claim that they have gained access to user information through a vulnerability in the subdomain protectionmanagement.bell.ca.