A pair of hackers under the collective handle of “exodus” claimed responsibility for recent hacks perpetrated against Canadian carrier Bell, and said that it did not originally plan on releasing the information online, so long as Bell agreed to pay a $50,000 ransom. The hack managed to compromise approximately 1.9 million email addresses linked to Bell, along with 1,700 real names and phone numbers of individuals. exodus alleged that it had full access to Bell’s systems during the course of the hack, which would mean that it could potentially have released far more data, or even all of the data on Bell’s servers. An email telling Bell just how bad the hack could be and how to pay the $50,000 ransom was allegedly sent on May 5th.
While Bell apologized to customers and advised them to take security measures a week after the contents of the breach, exodus claims that it was able to access the servers even after the breach was revealed, and managed to get its hands on additional data. They said that they had data up to and including all Bell customers’ passwords for some services, but were unable to give reporters that they spoke with any proof of this claim. Still, the threat of another leak should not be completely discounted just because of the lack of proof. It’s worth noting here that Bell had told customers that it had no reason to believe that any sort of critical data such as financial information or passwords was accessed.
Bell’s director of Communications, Mark Choma, had previously stated that Bell was aware of the ransom on the data and had refused to pay it. he also said that Bell had received other correspondence from the hackers and refused to acknowledge or answer it, but declined to provide any further information or comments. The original hack ended up posted to reddit under the handle exodusbell, and contained links that eventually led followers to the stolen data, effectively making it available to anybody on the web. Those who clicked the link wound up at a website containing a message from the hackers first, and that site had the link that led to the actual content. Similar hacks have been happening worldwide in the wake of the massive Wannacry ransomware attack.