MWEB hacked

2010-10-25 14:54

Cape Town - Internet service provider (ISP) MWEB has been hacked and the details of several of their business clients have been posted online.

It is unclear how the hacker gained access to the MWEB database, but the posting on Seclists included names and login details from various companies.

"We have 1 000 clients still on the Internet Solutions network and we are busy migrating them off that old server (which is) the one they attacked," MWEB CEO Rudi Jansen told News24.

He said that there were "a couple of weak links" that allowed the hack, but that the hacker was not able to get any personal information and the clients sustained no losses from the attack.

Nevertheless, he conceded that it was embarrassing for MWEB and was in contact with clients to advise them on what to do.

Racist overtone

"It's never nice to be on the receiving end of an attack and we get about 5 000 hack attacks a day and this one slipped through. It's a single-use logon, so even if the attacker gets hold of the information, it doesn't matter because it's useless to them."

Jansen said that the racist overtone of the posting on Seclists was probably related to nationality of the poster, rather than the hacker.

"These guys are linked to WikiLeaks and they just post things as they come - it's probably American."

Jansen urged all internet users to be vigilant with usernames and passwords.

"We tell our clients to change their usernames and passwords regularly."

According to HackingStats, the total number of South African websites hacked so far this year is 14 119.

News24 is part of, a subsidiary of Media24, which is in the Naspers stable. MWEB is a subsidiary of Naspers.

- Follow Duncan on Twitter

  • Stellio - 2010-10-25 15:13

    I've been with Mweb for over a year now at home and at work and I've never been told once to change my password... if this was a priority then surely customers would receive a regular reminder?

  • The Realist - 2010-10-25 15:21

    LOL @ MWEB... and wikileaks rocks! power to the people!

  • Ivanj - 2010-10-25 15:26

    ""These guys are linked to WikiLeaks and they just post things as they come - it's probably American.""


  • non mweb subscriber - 2010-10-25 15:27

    thought it funny that just above this article was another with heading:
    MWEB won ISP of the Year award

  • Collitjies - 2010-10-25 15:32

    Why should they tell you it is only your money they want. My ISP gives a reminder every now and again to change my password although I've not done so yet as I'm a small user.

  • Anonymous-Anticorruption - 2010-10-25 15:34

    I'm also with Mweb and I change my password every 30 days. Being in the IT Industry I know how easy it is to get people's passwords and username's. There are various sniffer tools and software that can get username's, passwords, data etc on the internet that is available. That is why I use common sense and change my password.

  • JRS - 2010-10-25 15:37

    so its actually Internet Solutions who were hacked, so much for accurate news reporting. But I guess it makes for a much sexier headline saying Mweb hacked, cause ppl don't really know who IS are....

  • Pieter - 2010-10-25 15:40

    Why on earth was plain passwords stored to begin with? Store encrypted hashes like the rest of the world with even a sense of security...

  • Mweb problem - 2010-10-25 15:42

    On Saturday 16 October 2010 I could not connect to the Internet. After a few frustrating hours I realised the last 1.5 of my 2 Gig cap was gone - disappeared that same morning - could not have been me because I could not connect. Mweb eventually - after speaking to four people accepted responsibility for this but they say it is not possible to re-imburse me what was lost - I now have to buy a booster to see me through the rest of the month. They say it happenned to other clients as well but it will not happen again. Can someone recommend a better ISP? I think it is time to switch.

  • WTF - 2010-10-25 15:45

    Hetzner got hacked last week. My company received an e-mail from them advising us that our usernames and passwords might have been compromised and that they couldn't guarantee that information stored on the website or in databases wasn't compromised. Hetzner has thousands of clients, so I guess lucky them that Mweb made the news and they didn't...

  • Cookie - 2010-10-25 15:49

    Somebody gained access to our password and user name as well at Atlantic. I am still waiting for an explanation from them as how this happened

  • Ronnie - 2010-10-25 15:51

    Haha, wikileaks thats funny, i wonder how he came to that conclusion. they were busy releasing 4000 afghan documents and hacking a south africa isp web interface...

  • Bill Fine - 2010-10-25 15:51

    Ok, wait, now I am confused... is it the whistleblowers that hacked MWeb, or the CIA? or maybe the Aliens? Are the martians using my ADSL bandwidth now? Please please tell me Rudi!

  • Angel - 2010-10-25 16:01

    Not just a Mweb problem, my business website had been turned in single's site a few times this year. :)

  • JHaywood - 2010-10-25 16:02

    I have been with Mweb for 12 years, and not once have I been told to change my password either. A few weeks back I decided to change it out of my own accord, but was unable to find out where to do this. Not even on their website does it state how.

  • Charlie - 2010-10-25 16:02

    " Clients sustain no losses" Not true. I lost through this or some other attack a week ago 75% of my monthly Mweb Internet cap - gone in minutes!!

  • Eric - 2010-10-25 16:08

    Using Mweb??? Get GFI or Kaspersky today... LOL.....

  • Lway - 2010-10-25 16:11

    It's because risks are still taken with egard to Information security. An ISP should have every level of protection - there are ways to outsmart hackers.

  • Ted - 2010-10-25 16:11

    If their new mail front-end is anything to go by, I am not surprised. They produce buggy software and then demand that the user drop his defences to get it to work.

    It's only a matter of time and I am off their low quality services.

  • joe - 2010-10-25 16:12

    I count 2387 accounts. nothing to do with wikileaks. mr jansen is stretching the truth a bit or is not up to speed with the issue

  • Eric - 2010-10-25 16:14

    Is it too late to take the award back?

  • gen188 - 2010-10-25 16:14

    If you look at the Date "stamp" of his post:

    From: Louis McCarty
    Date: Mon, 25 Oct 2010 10:00:10 +0200

    Its probably a South African, not an american

  • Des - 2010-10-25 16:20

    This is why we aint got no email

  • Elizabeth - 2010-10-25 16:40

    We received an email on the 20th of October from "Mweb" requesting the following details. Something did not sound right, so we ignored the email. They said the following:
    We are currently upgrading our mweb in order to avoid closure of your account, you will
    Need to be updated as follows. Confirm your e-mail the following identity
    E-mail User Name:
    Maybe this has something to do with it?

  • Marras - 2010-10-25 16:46

    Or you could show some savvy and change your own password every 2 weeks or so, to avoid this in any case.

  • facepalm - 2010-10-25 16:56

    sigh. so much misinformation. details were posted to Full Disclosure, a security mailing list. seclists is just an archive, not the distribution channel. threats to takedown seclists are boneheaded, the data is mirrored on other archive sites (neohapsis,, etc)

    and wikileaks? good lord, they're completely unrelated.

  • Developer - 2010-10-25 17:18

    Thats surprising! My customers that host with MWEB have been battling for weeks to get their FTP passwords changed following various iframe insertion hacks on their sites. You have to send a fax, it's a long drawn out process. We waited 2 months for an FTP password to be changed, its ridiculous. Time they give backroom access to allow us to change these passwords on the fly!

  • Steve - 2010-10-25 17:24

    Do you subscribe to their newsletter? I get messages every once in a while with basic security measures. And changing my password regularly is one of them. Granted, the novelty of these newsletters has worn off, so I don't read them any more...

    I'm not so sure about the poster being American. His greeting is "Hej", that smells East European to me.

  • CaliCraft - 2010-10-25 17:28

    We've been with Mweb since it's inception in 1995 and this is the FIRST time I've ever heard that they recommend one changes their password regularly! I did however get a very odd phonecall earlier today and can only imagine now that it is linked to this problem.

  • Mcfly@Stellio - 2010-10-25 17:42

    I received this information with my signup contract. I would imagine that since you are using the internet that this is not the first time that you have heard the advice to change passwords regularly and to make them as strong as possible. If you require further advice there are many resources online from legitimate sources that can assist you with understanding how to determine the strength of a password and to better protect yourself. Good luck.

  • shaz - 2010-10-25 17:55

    Surely you can manage the changing of passwords yourself? Why rely on your isp to remind you?

  • Sm.dt - 2010-10-25 19:15

    I don't think anyone should blame Mweb. It is not they who do wrong, it is the sick individuals who derive some sort of pleasure out of doing ...well... what exactly? Hack into a computer to.... what? just show that you can do it? How pathetic. Get a life.

  • Skottie - 2010-10-25 20:19

    Now it make sense. It is not even an hour ago I wrote to MWEB to investigate how a person or company got my details and send me proposal information. Understanding that one list your email adress on about every form you fill out or send to friends etc. In this particular instance the email address is not my alias but the one that makesup your login name & email address and this can only came out of an administration and server environment.

  • Donovan - 2010-10-25 21:43

    My Gmail account was hacked once. I logged in and it told me my account was accessed from China 5 minutes ago. 5 minutes before that I had logged in from SA and they had no inkling the Chinese access was obviously fraudulent. I have since changes all passwords to be super long and complicated.

    be very aware....

  • Emil - 2010-10-25 22:02

    Raises some questions now regarding usage - Can they prove that you used your own bandwidth ???

  • Mhluzi Bhaka - 2010-10-25 22:37

    Assume some personal responsibility, Stellio.

    We shouldn't always have to rely on others to protect our interests.

  • HAHA MWDWEB - 2010-10-26 08:13

    MWEB is such a poorly run company, just like so many others in the Naspers fold...Free the web...what nonsense...its all about increasing their hold on the bandwidth market..cant wait for the press bill to impact them...

  • Williik1 - 2010-10-26 08:48

    This is what you get for constructive dissmissal. Peoples lives were ruined lost their cars and houses because of you. This is just the drop in the ocean for continuing ruining employees lifes.

  • mc - 2010-10-26 09:30

    @Skottie - same happened to me. I received e-mail on my login name and e-mail address, which is only known to MWeb. If they're the best ISP in South Africa, we're in trouble.

  • Point Blank - 2010-10-26 10:52

    So what, millions of websites and company websites get hacked everyday. Even the CIA gets hacked now and then. Hell, even the NIA gets hacked every so often. Learn to be responsible for yourselves, it's easy to change your password and make it strong but everyone is too lazy.

  • Rian - 2010-10-26 11:45

    This comes as no surprise. Security is no issue for many companies.

    You can view for more stats on SA-based websites being hacked.

  • GForce - 2010-10-26 14:13

    MWEB were a great company until they joined forces with Multichoice - now their service matches DSTV's. You can't complain about the service because THERE IS NO SERVICE !!

  • LT1 - 2010-10-26 14:21

    Mweb? ISP of the Year...? LOL!!! Would that be 2003?

  • Stuart Saward - 2010-10-26 18:56

    stuff Mweb.. they are the worst SP in the country..

  • gobetween - 2010-10-26 22:56

    I regularly get emails from mweb reminding me which security measures to take, which include advice on antivirus as well as a reminder about changing my password regularly. There are 3 steps which have to be followed when changing your password and each time I have phoned them and have had wonderful assistance from them. I would recommend mweb to anyone. I am please with the service I am getting.

  • duxman - 2010-10-28 14:45

    every final fight must have a winner regadless of deffense.
    i say to you Mweb, pull ut ur socks and get back to work, dont worry too much of our comments, you should be conscend of an offer to us.
    i'v been in the ICT field facing several problems, and guess what, if u work hard on this, u'll be the best to prevent it.
    and welcome to ICT world.

  • Kneel - 2010-10-29 07:51

    MWEB uses windows I guess it is easy to hack...

  • pages:
  • 1