Less than 1 000 MWEB Business customers' accounts were briefly compromised yesterday (25 October) when access was gained to Internet Solutions' (IS) self-service management system that MWEB Business uses to provision and manage business accounts that have not yet been migrated to the MWEB network.
Andre Joubert, GM of MWEB Business, emphasised that only ADSL authentication usernames and passwords were compromised. The integrity of the personal or private data related to the accounts remains intact, as do the access credentials for each customer's bundled on-site router.
“Nevertheless, we see this breach in a very serious light and deeply regret any inconvenience this may cause affected customers,” he said.
“As soon as the breach came to our attention, we took immediate action to ascertain the extent of the compromise and to limit any damage that might have been caused. MWEB Business is in the process of contacting all affected customers to advise them that their passwords are being changed remotely,” he added.
The compromised accounts are the only MWEB Business customer accounts that have not yet been migrated to MWEB's own IPC network following its launch in April.
Historically, MWEB Business re-sold Internet Solutions' Uncapped & Fixed IP ADSL services, which were provisioned and managed by MWEB, using a Web-based management interface provided by Internet Solutions. All new Business ADSL services provisioned after April, as well as the bulk of legacy services already migrated, use MWEB's internal authentication systems, which were completely unaffected by this incident.
MWEB is working with Internet Solutions to investigate the nature and source of the compromise and to ensure that it does not recur.
Share