Internet Solutions (IS) says the security breach reported for one of its business digital subscriber line (DSL) user-provisioning systems was not a hack. According to the IS log, there is no clear indication that the site was hacked, but that an authorised username and password was used to access the system.
“The user did attempt various SQL [database]injections, but this was only after successful login,” says IS chief technology officer Prenesh Padayachee. He says no other clients’ information was accessed in the process.
The breach resulted in a number of MWeb business DSL customers’ usernames and passwords being made publicly available.
IS has since been working closely with MWeb to fix security on the affected system and to monitor for unusual activity.
“Additional security has been put in place to further enhance security,” says Padayachee. “IS is working closely with MWeb to ensure the continued functioning of the service in a robust fashion while these services are being migrated onto different systems,” he says. — Staff reporter, TechCentral