#CyberFLASH: Mounties charge Quebec teen for hacking Bell customer data, posting it online

web-na-bell-hacker13nw1

The Mounties have charged a young offender in Quebec after the user names, passwords and credit-card information from some of Bell Canada’s small-business customers were posted online.

The RCMP say they started investigating after one of Bell’s third-party IT suppliers was cyberhacked.

As a result of the hacking, investigators say, 22,421 user names and passwords and five valid credit-card numbers were displayed for anyone to see on the Internet.

A young offender, who cannot be identified because of his age, was arrested at a Bagotville, Que., residence early Friday and charged with one count of unauthorized use of a computer and two counts of mischief in relation to data.

Police said the accused is believed to be a member of a hacktivist group NullCrew, alleged to be responsible for hacking into computers of businesses, schools and government agencies.

Read more here

#CyberFLASH: NullCrew attack on Bell Canada was SQL injection and Bell knew weeks ago

Bell_chat

NullCrew has responded to Bell’s claim that it was a third-party supplier who got hacked by providing DataBreaches.net with more details about the hack and their conversations with Bell alerting them to the breach.

In an interview today, NullCrew revealed that they had access to Bell’s server for months, and had disclosed that to them in a chat with Bell Support weeks ago. A screenshot of the chat between NullCrew and Bell Support employee “Derek” shows that NullCrew was informing Bell that they were in possession of users’ information:

NullCrew states they actually gave them the vulnerable url and details, but got nowhere with them.

I informed them they didn’t have much time, and the world would soon see their failure…. Their response was exactly what you see in their article, bullshit. “Bell Internet is a secure service.” They did not even say they would look into it, they did not try and assess the exploit.. it was up, for two weeks. And only taken down after we released our data.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.