Bell Canada Database Hack

Hasan Ahmed - 2T Nanotechnology
Posted on: May 21, 2017

Oh boy, another one of these. Why do these keep happening, especially to big companies? Well, obviously they’ve got a large amount of information in their databases, so it makes sense that companies like Yahoo! and Bell are targeted frequently for hacks like these and why companies spend a ton on security to ensure customer information is never leaked, as well as methods for catching any attempted hackers. However, just a few days ago Bell lost 1.9 million active users’ email addresses and roughly 1700 names and phone numbers. Luckily, the company stated that very sensitive information such as financial statistics and passwords were not lost in the breach.

This was said to be separate from the recent WannaCry ransomware attack. Ransomware is an act where private and/or sensitive information is taken and held hostage until a ransom is paid by the company/individual. This is similar to a real-life ransom, except, obviously, technological. Occurrences of WannaCry recently exploded and affected users all around the world. It recently hit Waterloo too (as I saw in a picture in the Waterloo subreddit), however the University itself was safe from the attack, so don’t worry. Anyway, it would prompt you to pay a couple hundred dollars in bitcoin to get your files back. Yeah, hackers suck, but apparently this was patched by Windows so update your computers. In fact, a security researcher named Marcus Hutchins (who is only 22 years old and goes by his twitter alias, MalwareTechBlog) realized within the code was a long URL that was unregistered as a domain name. At the time, he didn’t realize registering that domain name would cause the ransomware to shut down; he only did it for tracking and was just “doing his job”, but it worked so hooray? I mean, his identity is kind of revealed but at the cost of stopping a large malware, I’d say it’s a good trade.

Back to Bell: it was not clear how the database was breached, how long it was breached for, and how they even got in. The hacker reportedly released a statement online (along with files of released information) saying that it was Bell’s fault for not cooperating, and if they continue to refuse, they’ll release the information. The RCMP has not found anything regarding the identity(s) of the hackers, but if it results in the laying of criminal charges, then they would confirm an investigation into the suspects.

I’ve written articles like this before and I always want to remind readers to keep your passwords relatively complex and don’t store them in plain text on your computer. Change them often if you really need to, and if you’re making a one-time account for a not-very-secure website, you might as well make the password incredibly complex in order to prevent a hacker from obtaining access to anything you might own. Yeah, that’s not exactly the best advice in this case, since Bell was the one hacked, but who knows. Better to be safe than sorry.