Bell Canada (BCE, TSX:BCE) has confirmed that a third-party system it uses was hacked, resulting in 22,421 user names and passwords – as well as 5 valid credit card numbers of Bell small-business customers – being publicly posted by the hackers over the weekend.
And according to databreaches.net, Bell was warned by the group that hacked the system weeks before the information was posted.
Bell did not say in a brief press release where the businesses whose information was posted were from, although according to some media reports it was confined to customers in Ontario and Quebec.
"In line with our strict privacy and security policies, Bell is contacting affected small business customers, has disabled all affected passwords, and has informed appropriate credit card companies," Bell said in its release.
"We continue to work with the supplier as well as law enforcement and government security officials to investigate the matter.
"Bell's own network and IT systems were not impacted. The issue does not affect Bell residential, mobility or enterprise business customers."
A hacker group that goes by the name NullCrew claimed responsibility for the hacking. And according to www.databreaches.net, the group had even warned Bell that its system had been hacked weeks before the group posted the information online.
A hacker claiming to be with NullCrew was interviewed by databreaches.net, in which the hacker provided an excerpt of a chat he or she had with Bell's online support, asking why its servers were running on Microsoft SQL server.
In the exchange, Bell insisted its Internet system was a secure one.
"If that's the case, why do I have access to several…and I mean SEVERAL user accounts?" the hacker asked.
In a Twitter exchange, NullCrew tweeted: "they knew the vulnerable section of the website for two weeks."
According to Bell ,the system that was hacked belongs to a third party provider.
