On Saturday, the hackers of the team NullCrew announced their return with a massive data leak: tens of thousands of records belonging to Bell Canada customers have gone online. The telco has admitted that the data breach has taken place, but denies that its systems have been breached.
"OR Bell "It announced today that 22.421 passwords and usernames and 5 of the company's credit card digits were posted online this weekend," Bell said.
However, the company reports that the data has been obtained from third party partner systems in Ottawa.
"In accordance with its strict privacy and security policies, Bell has been in contact with its hacked customers, has disabled all passwords, and has informed credit card companies. "We will continue to work with the supplier as well as law enforcement to investigate the matter," Bell said.
"Our systems have not been affected. The issue does not affect Bell services or business customers. "
The representatives of the activist group NullCrew they told DataBreaches.net that it's a "pretty ridiculous claim." The hackers said they shared the vulnerability at Bell Canada, and the fact that they gained access to customer information two weeks ago.
A screenshot shows that the hackers tried to report the security hole to Bell customer support, but the technician didn't understand what the NullCrew members were trying to say.
The hackers insist that the compromised systems belong to Bell and not to a third party. They claim to have gained access to user information through a vulnerability in the subdomains protectionmanagement.bell.ca.