Thousands of customers of Bell Canada – the country’s largest ISP – have had their personal information leaked online by a hacking collective known as NullCrew. The leaked data mainly consists of customer’s email addresses and passwords, but also includes modem passwords and partial credit card numbers of 127 Bell customers.
“Go fuckin figure, people who are suppose to provide secure connection to the internet?” NullCrew says in the dump. “They can’t secure themselves.”
According to Lee Johnson from Cyber War News, the leaked data included:
12,708 User credentials with mixed user names/email addresses and passwords
28,602 user names and passwords which user names are partially mixed with users email addresses.
1,511 fax account users credentials with email addresses, user names, passwords and other related information.
1,531 credentials from a mitigation database
There is also modem passwords, service plan credentials with user name and passwords as well a total of 127 partial credit card details.
The leaked data has also been confirmed to be genuine by Troy Hunt from HaveIBeenPwned. Hunt has added the email accounts to the site’s database, so customers can check if their email address is one of customers affected by the breach.
The dump was published seventeen hours ago on the NullCrew’s website. Normally, customers would at least confirm they are “investigating” by this time. However, Bell Canada have been unusually quiet about this data breach. The company has not made any official statement on any of its social platforms, nor made any comment to the press about the security breach.
— NullCrew (@NullCrew_FTS) February 1, 2014