Anonymous hackers took credit for the breach and even published a Pastebin file that contained the credentials of 500 customers to prove that they managed to gain access.
According to Sophos, KPN stated that the attackers gained access to core routers in the ISP's systems through vulnerable servers, but unfortunately, it seems that the company isn't handling the incident too well.
When the breach was discovered on January 28, the firm decided, after consultations with law enforcement and Dutch government agencies, to keep everything a secret, allegedly to allow them to monitor the attacker's moves.
This obviously failed: a short while after the incident was made public and the 500 credential sets were published, the ISP decided to suspend email access, advising customers to change their passwords to prevent unfortunate incidents.
Although they at first admitted that the information had been obtained from their servers, it was later determined that the data leak was a fake, originating from a site called Baby Dump, which was compromised in 2011.
InfosecIsland argues that by keeping everything a secret, the company may have unnecessarily exposed users to cybercriminal operations, especially if they believed that email accounts were affected by the breach.
This is not the first time KPN systems have been breached. In November 2011, we learned that the company had stopped issuing digital certificates after discovering a DDoS tool on one of its servers. At the time, it turned out that the malicious element may have been hosted on the server for as long as four years.