Rsync errors lead to data leak at Canadian ISP, KWIC Internet

Steve Ragan reports on a leak first uncovered by Chris Vickery of MacKeeper Security Research Center. Kudos to Steve for ensuring that notification was made so that the files got secured, even though it’s not yet clear for how long they were exposed and whether others may have accessed them.  Steve writes:

Misconfigured Rsync instances across multiple servers has led to a data breach at a Canadian ISP, exposing sensitive information and affecting all of their customers.

For those unfamiliar with the tool, Rsync (remote sync) is commonly used by hosting providers, ISPs, and IT departments to backup data between servers. The ISP in question, KWIC Internet in Simcoe, Ontario, fixed the Rsync problems after being notified by Salted Hash, but it isn’t clear how long the company’s customers were exposed.


In all, there were terabytes of KWIC data exposed by the breach. The information inside the leaked databases included credit card details, email addresses, passwords, names, home and business addresses, phone numbers, email backups, VPN details and credentials, internal KWIC backups, and more.

The KWIC archives also included a common PHP shell named r57, and a PHP-based DDoS tool, suggesting that the company had been hacked at some point prior to leaking their backups to the public.

Read more on Salted Hash.

About the author: Dissent

Comments are closed.