1.9 Million Bell Customer Email Addresses Stolen By 'Anonymous Hacker'

Bell, Canada's largest telecommunications company, said a hacker had accessed customer information containing about 1.9 million active email addresses and about 1,700 names and active phone numbers. The breach was not connected to the recent global WannaCry malware attacks, the company added. From a report: The information appears to have been posted online, but the company could not confirm the leaked data was one and the same. "There is no indication that any financial, password or other sensitive personal information was accessed," the company wrote in a statement. Bell said the incident was unrelated to the massive spike in ransomware infections that affected an estimated 200,000 computers in more than 150 countries late last week. It is not clear when the breach occurred, how the data was accessed, or how long the attacker had access to Bell's systems.

Pepperidge Farm remembers...

[grep+-v+'.*'+*]

1.9 million active email addresses and about 1,700 names and active phone numbers.

Remember the good old days when phone books ruled the earth? *1 The intrusion! OMG -- people could actually see how to spell your full name! AND obtain your phone number! AND your actual physical address. OH, the HORROR!! ( Heck, I understand the police force back then actually had phone number sorted phone-books instead of alphabetic ones for detective ease of use.)

Now, tying it to a specific usage case (customers) IS a little more specific, but being a customer of "Bell Canada's largest telecommunications company" isn't exactly an exclusive club. Same for the email addresses -- it's easy and effectively free to spam those, but aren't they receiving spam already? And just because "knowing" someone's there doesn't mean they'll actually be reading your message. Although it IS an ever-so-slightly more of a chance that they will. Almost doesn't seem like it's worth the bother -- but then again, I don't know anything about in the spam ecosystem.

It's still a bad event and should be prevented, but still: yawn. There is no indication that any [other data] was accessed" I'd be worried about what ELSE they did while they were (ARE) in there.

*1: You might not, but *I* do. Heck, I used and remember when the prefix was words and not just 7 or 10 numeric digits -- Mine was LOcust followed by 5 digits. My mom had a party line (single line shared between families, each with a separate ring) and even used a phone without a dial -- you picked it up and talked to the operator who then dialed it for you.

Re:Pepperidge Farm remembers...

[olsmeister]

I remember that you could pay extra for the privilege of an "unlisted" number as well.

Re:Pepperidge Farm remembers...

[Picodon]

Remember the good old days when phone books ruled the earth? *1 The intrusion! OMG -- people could actually see how to spell your full name! AND obtain your phone number! AND your actual physical address. OH, the HORROR!!

It’s true that we used to be more open to associating our names to where we’d live and what we’d do or say (no need for a nickname when writing to the editor of the local paper). The huge difference, however, is that such information was mostly available to our (relative) neighbours: people living close to us, who could know us and that we could know; and if one of them attempted something unsavoury, the neighbourhood cops would likely take care of it. Besides, any information was available on a relatively temporary basis: this week’s paper, this year’s phonebook (as evidence, look at how sensational old information occasionally gets digged out of forgotten archives, by complete chance).

Nowadays, on the other hand, whatever is published about you is persistently (and “searchably”) available to the entire planet. Potential readership ncludes the whole world’s pool of crooks (and not just today’s pool, tomorrow’s too), including a few that have the smarts, the technical means, the incentive (a mere thousand dollars goes a long way in many places) and the intent to harm you for profit (of various kinds: strategic, commercial, financial, etc.); who can use fairly massive computing power to cross-reference information obtained from many sources to build an actionable profile; and who can do all that from the comfort of their own parents’ basement, without fear of being caught, being often located in places that either support or turn a blind eye on their activities, or simply don’t have the means to find and prosecute them.

This particular case seems, I agree, much less than terrifying, and your other points (what else was done?) are well-taken! But at the same time, we should not necessarily diminish the importance of privacy concerns by drawing comparisons to what we could afford to do thirty years ago.

Re:Pepperidge Farm remembers...

[hawguy]

1.9 million active email addresses and about 1,700 names and active phone numbers.

Remember the good old days when phone books ruled the earth? *1 The intrusion! OMG -- people could actually see how to spell your full name! AND obtain your phone number! AND your actual physical address.

Back then it took real money (and actual humans) to set up a call center to try to bilk you out of your money.

Now you set up an IVR system to dial millions of numbers in the list and when you have an active lead, send that call to a live agent.

It's so cheap that they don't need to start with a list, they can just dial numbers randomly and let the computers screen for leads, but having actual names helps make a scam more believable.

Phone book leak?

Isn't this like "leaking" the old phone book? Name, address, telephone # (and now email address)?

Not a surprise

[gachunt]

After dealing with Bell's horrid customer service for many years, and seeing how little they care about their customers, the only surprise is that it took this long for a major breach to happen.

Re:Not a surprise

[wardrich86]

That's one of the greatest problems these days. Companies not paying enough to properly train employees, and employees not getting paid enough to actually care about the job they do.

How is this news?

[Sir+Holo]

So someone copied a list of email addresses from Bell.

Yawn.

Re:How is this news?

[Sir+Holo]

So someone copied a list of email addresses from Bell.

Yawn.

You seen unaware that Bell Canada provides managed security services for government and corporate clients. The irony is as thick as fog in Halifax Harbour.

Whoa. Thanks. LOL

Re:And nothing of value was lost

[Guspaz]

Funny thing how monopolies work.

Re:And nothing of value was lost

[DontBeAMoran]

Bell still has plenty of customers because there's zero competition in a lot of areas.

Re:Bell Service Not Universally Horrible

[DontBeAMoran]

The people on the technical side are always the best. The ones in customer service are stuck with the requirements of the company. The ones in billing don't seem to even be aware that prices in developed countries are a fraction of what we're paying here. And the people at the top don't even care that the speed and limitations of their internet services are the laughing stock of the planet.

Why don't companies learn

[SniffTheGlove]

1) Why can't most data be kept Airgapped. Do companies really need to have everything on the public internet

2) Why can't all data be encrypted in databases, not just passwords but everything. So what if it take a couple of extra seconds waiting for the decrypt.

Re:1.9 million Canadians?

[uberdilligaff]

The Canada - US exchange rate is currently 0.74, so that 1,900,000 Canadians converts to 1,406,000 Americans. But their gallons are bigger, though...

Re: 1.9 million Canadians?

[thundercattt]

Always makes my day to see Bell and their outsourcing scumbag company get some negative PR for consistently receiving the worst CDN company year after year. Rot in hell Bell