Bell Canada confirmed Sunday that usernames and passwords of 22,421 and five valid credit card numbers have been leaked by hackers. However, the organization points finger at Third-party saying the leak “results from illegal hacking of an Ottawa-based third-party supplier’s information technology system”.
Bell claims its own network wasn’t affected by this breach. Bell has disabled all passwords and notifying all affected users. They are currently working with law enforcement and government security officials to investigate the matter.
“Quite a laughable claim, Bell actually knows of the breach, they knew the vulnerable section of the website for two weeks.”In a response to the Bell’s claim, hackers said in their twitter account.
The screenshot provided to DataBreaches shows that the hackers had a chat with Bell Support team.
|Nullcrew chatting with Bell support team|
Hackers said a POST based SQL Injection vulnerability resides in the password recovery page of Bell’s sub-domain( https://protectionmanagement.bell.ca/passwordrecovery_1.asp)
|Post-based SQL Injection in Bell Canada|