Vodafone Iceland Official Statement and Look into SMS Data.

Detailed report The past weekend has been interesting, especially for those who live in Iceland and mainly for Vodafone Iceland after 357MB of data was leaked from their systems servers. As it has been made aware already across many website Vodafone was and most likely still is logging your SMS text messages in MySQL based databases with direct links to user account details by way of user id although vodafone iceland claims the SMS was not from any personal device but from a web interface. The Vodafone Iceland leak has some interesting statistics. – 79,741 total SMS messages, many of which are group messages.

  • 5139 user ids related to senders of the 79,741 total sms messages.
  • **Most recent date is just last week, 28th of November 2013 which disproves the registers statement its old data. **
  • Top number of SMS per user id is: 2900, 2814, 2481
  • Icelandic news site declares some SMS are from politicians 
  • SMS was not from anyone’s personal device but ones from being sent from a web interface.

Vodafone Iceland has pulled the website offline it appears and has made a few announcements now via Facebook that they are aware of the breach and are meeting with police to investigate this further. first statement:

Due to breaking news from foreign computer hackers on our website today have numerous clients contact us . Attached are some frequently asked questions from customers and the answers to them : Are SMS I send from my phone on the internet ? ANSWER: no. The data in question are SMS that have been sent via the Vodafone website Are my bank details or credit card number online? Do I need to close my credit card ? ANSWER: Vodafone has no information to suggest that credit card information has leaked except in those instances where customers submit such information as text in vefSMS . Do I need to change my password to your online banking ? ANSWER: If you are my pages with Vodafone and use the same password there and into the banking site , we sincerely suggest to change the password immediately and on other sites that you use the same password on. What about sites that are hosted by Vodafone ? They were under attack , they are safe and need to change the password of the Province of tissue ? ANSWER: No, sites hosted by Vodafone were not attacked How do I get my emails ? ANSWER: You do not need to go into vodafone.is to get into your . You can go to www.internet.is Was go to my email hosted by Vodafone ANSWER: No, it was not done. Came hack the password fireplace on my router ? ANSWER: No The attack has any effect on my mobile phone , internet or TV ? ANSWER: The attack does not affect the communications of individuals and companies , not Internet use , cell phone or home phone use. How will you respond to the distribution of data from a robbery hash server ? ANSWER: Burglary on Vodafone website the night will be referred to the police . Officers Vodafone now sit in a meeting with police on the case. Any use or disclosure of the data Stoll is illegal and a serious violation of the privacy of people. Being intercept my phone ? ANSWER: No Went out information about SMS from banks? ANSWER: No Is reasonably safe to go on the internet ? ANSWER: Yes Is reasonably safe to go into my online banking ? ANSWER: Yes We’ll put some more answers as soon as they become available.

The second statement with confirmation about where the SMS come from.

Dear Facebook friends. The following email was from Vodafone tonight . ——- Dear Customers, The night 30 November hacked into Vodafone website , vodafone.is . Much has been written about innbrotið in the media today and many are insecure about the potential impact and scope . Among the data taken slave hand and was later made ​​public a copy of the text messages that had been sent from the website and login to the My Account pages. It should be pointed out that the bad guys did not get the SMS messages sent from telephones customers. We are certainly aware of the seriousness of the case and ask all involve sorry . We will make every effort to communicate information to you on the progress of the case and point in this context include the questions and answers on the company’s website and Facebook page. We have from the issue came up working with many of the country’s most talented professionals in data and network security issues to the analysis of what happened . They have discovered the way in which the said Hacker came in to our website and we take appropriate measures. Any time will there be until Our website will be back to full functionality, where it is taken into use in stages over the next few days. I hope this does you no great inconvenience , but we think it necessary to proceed with caution in the light of experience. Security Vodafone are constantly under review. We have in recent years enjoyed a multifarious consultancy in the field of security, made ​​countless updates and security audits of the necessary systems but today was tölvuþrjóturinn however one step ahead of us . We will then take the matter decisively and immediately begin work on to earn a new confidence that has been lost . For the Vodafone I ask all concerned excuse. Sincerely , Omar Svavarsson Vodafone CEO

About the author: Lee J

Security Analyst, Developer, OSINT, https://www.ctrlbox.com

Comments are closed.