14 DAY TRIAL // On Saturday, hackers of the NullCrew group announced their return with a massive data leak: tens of thousands of information records belonging to Bell Canada customers. The telecoms company has admitted that the leaked data is valid, but denies that its own systems have been breached.
“Bell today announced that 22,421 user names and passwords and 5 valid credit card numbers of Bell small-business customers were posted on the Internet this weekend,” Bell stated.
However, the company says the data has been obtained from the systems of a third-party supplier based in Ottawa.
“In line with our strict privacy and security policies, Bell is contacting affected small business customers, has disabled all affected passwords, and has informed appropriate credit card companies. We continue to work with the supplier as well as law enforcement and government security officials to investigate the matter,” Bell’s statement reads.
“Bell's own network and IT systems were not impacted. The issue does not affect Bell residential, mobility or enterprise business customers.”
After seeing the statement, NullCrew representatives have told DataBreaches.net that it’s a “quite laughable claim.” The hackers said they notified Bell Canada of the vulnerability and of the fact that they gained access to customer information two weeks ago.
A screenshot shows that the hackers attempted to report the security hole to Bell customer support, but the technician didn’t understand what NullCrew was trying to say.
The hackers insist that the systems they’ve breached belong to Bell, not a third party. They claim to have gained access to user information through a vulnerability on the protectionmanagement.bell.ca subdomain.
However, Bell Canada says it’s certain the data hasn’t been taken from their own infrastructure. Security researcher Adam Caudill believes Bell could be telling the truth, since it’s not uncommon for a subdomain of a major company to point to the systems of a third party.
DataBreaches.net has found that the protectionmanagement.bell.ca domain resolves to an IP registered to a company called Magma Communications, which is based in Ottawa.
Security expert Troy Hunt has obtained a copy of the letter sent out by Bell to impacted customers. In the notification, Bell advises impacted users to contact them to determine if any action is required.
In the meantime, Troy has updated the “Have I Been Pwned?” service to include the data leaked by NullCrew. If you fear this breach might impact you, check out haveibeenpwned.com.