Internet provider Altima Telecom — one of the largest independent Canadian internet service providers, serving Montreal and Toronto — had to repair a flaw that could have given hackers access to its customer database. Daley Borda, founder of Underdog Security, discovered the flaw and reported it, which was then passed on to Altima.
The customer database was connected to the company’s website, but could also be remotely accessed with a blind SQL injection attack. The database has millions of customer records, including billing data, support tickets, credit card data and more.
Borda revealed that he could search through the database simply by entering commands into his browser’s address bar, and a hacker could easily download the entire database. While it's a simple flaw, it could have caused serious damage to the company and its customer base.
“We really appreciate you and the security researcher bringing this to our attention,” Altima’s CEO Frank Yang said. “We are taking this matter very seriously.”
With cyberattacks on the rise, companies are on high alert — and citizens are feeling the pain. Earlier this year, cybersecurity company Kaspersky Lab revealed in a survey that 81 percent of Americans and 72 percent of Canadians are stressed about the recent rash of data breaches.
“With massive data breaches and cyberattacks making headlines nearly every week, consumers are becoming increasingly aware of the cybersecurity risks out there,” said Brian Anderson, VP of consumer sales at Kaspersky Lab North America, in a press release. “However, many people still have no idea how to begin securing their devices from these threats, or what to do if they become a victim. With no way to gain control, the very idea of cybersecurity becomes completely overwhelming. By educating consumers about cyberthreats and how to avoid them, technology companies can do their part to help to reduce our community’s collective cyber stress.”