A1 Telekom Austria is a big deal in Austria. It offers mobile contracts, cable access, web hosting, and internet. As such, the internet service provider of course has a lot of user information in its different databases, which makes it an interesting target for hackers. And hacked it was.
Data stored in plain text
According to a report from heise.de, a hacker recently broke into A1's databases and stole data such as names, phone numbers, email addresses and passwords. All of it was stored in plain text, which is just brutal negligence. Only customers of their webspace area were affected.
We have received a tip that a database on one of our servers was attacked and that user data and passwords for private-customer webspaces from 2011 and older were extracted. To prevent potential misuse, the server was taken offline…
— A1 Telekom Austria (@A1Telekom) October 4, 2018
While the data more or less stems from 2011 and from a service the company stopped offering back then, there are of course still customers who use it. It is still unclear how many users were affected, since A1 is not sharing this information.
Hacker boasted on Twitter
Heise, who informed the company of the potential hack, found out about it on Twitter, where the hacker made fun of A1 because of their old systems and outdated security.
A1 be like: “Some weird VPN IP is pulling so much traffic from one of our older servers, let's blacklist it without checking why. Surely nobody is downloading a user-password table or even changing the IP (for the second time).” Prevents the download, it's still running. @A1Telekom pic.twitter.com/jPwBpNBYbr
— NaHabedere (@NaHabedere) October 2, 2018
The internet service provider reacted fast: they were able to find and stop the leak in just a few hours. By now the vulnerable systems have been taken offline and affected customers have been informed.