Tuesday, May 16, 2017

Bell Canada 2017 Breach of 1.9M Emails represents 66% of Bells customer base - What got released?

The Globe and Mail obtained the hackers statement
"We are releasing a significant portion of Bell.ca data due to the fact that they have failed to [co-operate] with us", says the post, which was published Monday afternoon, several hours before Bell released its apology.

"This shows how Bell doesn't care for its [customers] safety and they could have avoided this public announcement Bell, if you don't [co-operate] more will leak :)." The post contains a link purporting to contain the customer information. It does not clarify what the anonymous poster was seeking co-operation for, or any further intent.

According to Troy Hunt, an Microsoft MVPer who runs haveibeenpwned.com has gotten a hold of the hacked dataset and says that no customer passwords were leaked in Bell Canada May 15, 2017 data breach. 

However, the following customer fields and associated data was leaked. It includes 
Email addresses and usernames.

Check if your Bell email has been hacked in recent Bell 2017 breach at 

Action: Change your username and password for your Bell Billing Account and Bell Email.

This breach represents conservatively 66% of Bells customer base, if we accept assume that Bell Fibe TV subscribers usually bundle their TV and internet, as per http://business.financialpost.com/fp-tech-desk/bell-is-now-canadas-largest-tv-provider-with-more-than-2-7m-subscribers-bce-inc-says. But we do not conclusively if this was from Bell Fibe TV leak or from BCE’s High-Speed Internet (HSI) who's customer base reached 3.4M in 2016. In this case, the breach is about 55% of HSI customer base


Breach: Bell (2017 breach)

Date of breach: 15 May 2017

Number of accounts: 2,231,256

Compromised data


This included customers and Bell employees;


Email addresses, Geographic locations, IP addresses, Job titles, Names, Passwords, Phone numbers, Spoken languages, Survey results, Usernames




Description


In May 2017, the Bell telecommunications company in Canada suffered a data breach resulting in the exposure of millions of customer records.
The data was consequently leaked online with a message from the attacker stating that they were "releasing a significant portion of Bell.ca's data due to the fact that they have failed to cooperate with us" and included a threat to leak more.
The impacted data included over 2 million unique email addresses and 153k survey results dating back to 2011 and 2012. There were also 162 Bell employee records with more comprehensive personal data including names, phone numbers and plain text "passcodes". Bell suffered another breach in 2014 which exposed 40k records.




No comments:

Post a Comment