Belgacom, the largest Belgian ISP, admitted today that 2,000 of its ADSL accounts were compromised earlier this year.
The company discovered details of its subscribers posted on a webpage by hackers who weren’t happy with download limits on broadband internet connections.
In Belgium, about 90 per cent of residential ISP customers are connected either via Belgacom (the former state telephone monopoly) or Telenet (cable). Although the connections are fast, both ISPs last year had a maximum download limit of 12 GB/month. Go past this limit and speeds would immediately drop to 3 KB/s for the rest of the month, hardly enough to read your mail.
In December frustrated Belgian internet users signed a petition demanding more reasonable download limits and on 30 December tried to download as much as possible to show Internet traffic wasn't significantly higher than on other days. Apparently a group of disgruntled users decided that wasn't enough, and exposed the details 2,000 Belgacom accounts to the web.
Belgacom didn't communicate the security breach to its users at large, apparently to avoid panic.
"We sent postal letters to small groups of users since April and asked them to change passwords as a matter of precaution," Belgacom spokesperson Jan Margot told The Register. "The site was closed down immediately, and we haven't seen any abuse since then."
Belgacom insists it is a minor issue. "We have 1 million ADSL users, it wasn't a big threat." ®