Westnet customers urged to change passwords after alleged hack
As many as 30,800 customers of the iiNet-owned ISP Westnet have been urged to change their passwords after a hacker claimed to have gained access to the company's customer database.
Claire ReillyFormer Principal Video Producer
Claire Reilly was a video host, journalist and producer covering all things space, futurism, science and culture. Whether she's covering breaking news, explaining complex science topics or exploring the weirder sides of tech culture, Claire gets to the heart of why technology matters to everyone. She's been a regular commentator on broadcast news, and in her spare time, she's a cabaret enthusiast, Simpsons aficionado and closet country music lover. She originally hails from Sydney but now calls San Francisco home.
ExpertiseSpace, Futurism, Science and Sci-Tech, Robotics, Tech CultureCredentials
Webby Award Winner (Best Video Host, 2021), Webby Nominee (Podcasts, 2021), Gold Telly (Documentary Series, 2021), Silver Telly (Video Writing, 2021), W3 Award (Best Host, 2020), Australian IT Journalism Awards (Best Journalist, Best News Journalist 2017)
More than 30,000 Westnet internet users have been advised to change their passwords after a hacker claimed to have gained access to the customer database of the iiNet-owned ISP.
In an online posting, picked up by Sydney-based infosec writer Cyber War News, a hacker going by the name Mufasa claimed to have a cache of "valuable data," including customer details and unencrypted plaintext passwords.
A statement from iiNet indicates that the compromised information could also include addresses and telephone numbers. The hacker is now offering to "sell or trade" this data.
Based out of Western Australia, Westnet has been a subsidiary of iiNet since 2008. iiNet is now moving to minimise the fallout of the alleged hack, bringing the affected system offline and monitoring "impacted" accounts.
"iiNet is aware of an incident that may have resulted in unauthorised access to old customer information stored on a legacy Westnet system," said iiNet Chief Information Officer Matthew Toohey in an email statement to CNET.
"The incident has been reported to relevant law enforcement agencies and is currently under investigation."
While iiNet asserts that "no payment details were stored on the server," it has warned that "customer username, address, telephone and, in some cases, password information may have been accessed."
As a result, iiNet says it has contacted 30,827 "impacted customers" recommending they change passwords associated with their Westnet accounts, saying this is "the most effective way to ensure security."
"The system is now offline and at no further risk," Toohey continued. "As precaution, additional steps have been taken to increase the monitoring of impacted accounts."
While iiNet has moved swiftly to act on the hacking claims, Australia currently does not have laws requiring companies to disclose data breaches to authorities or customers, meaning customer details or passwords shared across accounts can be exposed for long periods before those customers become aware.
CNET has requested further comment from iiNet, including details on whether Westnet stored customer passwords in plaintext.