iBurst hacked

08.11.2005
In the middle of last week, a hoax e-mail was sent to WBS's iBurst subscribers saying that the company had reviewed its packages and billing.

A reader contacted Computing South Africa, having first picked up the story on the MyADSL forum. The e-mail, which appeared to have come from WBS's mail server, said: "As of 1 December, future and existing iBurst subscribers will have their usage cap doubled at no extra cost whatsoever."

iBurst head of marketing, Jacki Mpondo-Hendriks, says that the e-mail was a hoax, and that this was communicated to the iBurst subscribers. However, the hoax goes much deeper, it seems.

A subsequent posting on MyADSL revealed that the hoax e-mail was sent by [a group of] hackers, who gained access to iBurst's back-end systems via a known vulnerability.

The posting on MyADSL read: "...apologies to everyone who thought our last e-mail was for real. We just wanted to get some public awareness and pressure going, and we felt this would be the best way. We hope that iBurst will take our recommendations into consideration, and secure their damn servers properly."

The posting goes on to say that channel partners had been sent another mail from WBS's mail server indicating that iBurst's systems had been compromised and that their details were exposed.

"...another South African ISP with egg on their face and their inefficiencies shining through... iBurst and WBS will be resolving these security flaws and will be providing you with better efficient service in the future. Maybe. We're still thinking about it."

37 screenshots of the compromised server have been made available on the Internet, showing, in detail, the information to which the hacker[s] had access.

The screenshots included the personal details of 94.7 Highveld Stereo personality, Paul Rotherham (ID number, bank account details, contact details etc.), as well as user offense monitoring systems, traffic shaping tools, sales projections and CRM functions associated with the company's equipment orders and cost prices etc.

When asked about the vulnerability, iBurst seemed to be ignorant of the fact that its systems had been compromised, having only mentioned the hoax e-mail to CSA, and not the security breach. Mpondo-Hendriks would not offer any further comment on the issue prior to going to print, saying: "The issue is currently under investigation."

In the screenshots that were made public, Rotherham's details were masked. The second posting on MyADSL added: "We would also like to confirm that the individuals who compromised the server did so in order to highlight these vulnerabilities, and did not in any way, shape or form, use the information obtained."

While the breach is cause for concern both to iBurst and its subscribers, the information that was made public could hurt iBurst from a strategic point of view. At the time of going to print, no further updates were available to CSA.