Had the threat of load shedding not been enough to strike fear into the hearts of South Africans, text messages from Liberty on Saturday might have.
On Saturday Liberty began informing customers that its network had been breached and, far worse, customer data was being held hostage.
“Dear Valued Customer, Liberty regrets to inform you that it has been subjected to unauthorised access to its IT infrastructure by an external party who has requested compensation for it,” reads the message.
Later, Liberty revealed it was working with the relevant law enforcement authorities, adding that it would not pay the ransom the attackers were asking for.
The insurance firm goes on to say that the data that was snatched appears to be “largely emails and attachments”, adding that there is no evidence that customers had sustained financial losses.
Late on Sunday, the alleged hackers posted a message about the breach on Pastebin.
“Hello world, Welcome to Stage 1 of Liberty Holding Breach. After few funny days around ‘Liberty Holdings’ breach, now its time to show some interesting data,” reads the note.
The alleged hackers then link to a file-sharing site, but the link contains no data at the time of writing. The link allegedly contained a sample of the data shared with Liberty.
“We still holding 40TB that will be published as few parts, every day. Database file includes customers data, finance data, few full email backup of their directors and more interesting data,” the note goes on to say.
And then, things get interesting.
The alleged hackers say that the only reason they have not harmed customers financially is that doing so wasn’t their goal.
“Our goal was to improve your security. You made your choice to, time to pay,” the note concludes. We suspect that this might mean the now-hackers had simply stumbled across a vulnerability, alerted Liberty to it and requested payment. Once Liberty refused, we suspect the hackers switched white hats for black and grabbed as much data as they could before extorting Liberty.
This is pure speculation though, and the reasons behind the breach are known only to the perpetrators.
Liberty did reveal in a statement to iAfrikan on Sunday that it became aware of the breach on Thursday evening, which means the firm took nearly two days to alert customers that their data had been compromised. We understand that this seems egregious and that Liberty should have informed customers immediately, but due diligence should be done. At least Liberty did better than Yahoo!, which just kept breaches quiet for as long as possible.
As we don’t know the extent of the “customer data” the hackers have in their possession, and the hackers promise to release more of it every day, we recommend Liberty customers update any passwords they might have recycled in their Liberty account and be aware that the data could be used to conduct social engineering attacks.