◆ SpookStack

Sites Revealed Passwords For Thousands Of Ameritech Users Page I of 3 HOME | SEARCH PGE mmerce Computers - Web Site Reviews Sites Revealed Passwords For Thousands Of Ameritech Users My By Brian Krebs, Newsbytes . Fre WASHINGTON, D.C. USA., “PE Mall This Article siga 22 Feb 2002, 1:30 PM CST &) Printer-Friendly Version Until earlier today, usernames, passwords and other sensitive information for tens of thousands of SBC-Ameritech.net customers were available to | anyone with a Web browser and the proper Internet address, according to { information obtained by Newsbytes. — One of the unsecured Ameritech Web sites contained an alphabetical hyperlinked listing of dial-up users. Each individual account, when clicked on, automatically created a dial- up networking account on the visitor’s computer, complete with the username, password and appropriate dial-up phone number for the subscriber's region. Another Ameritech site contained + advertisement thousands of detailed customer records, including unencrypted passwords, phone B i i numbers and addresses for each account. ra n + Ameritech disabled the sites shortly after Money bE Newsbytes notified the company of the Pp _ breach at the request of security Owe r be consultant Adrian Lamo. The consultant het more could 3 said he came across the sites a few weeks ago while browsing public Ameritech Web Aaach Washington's top - content. visionaries, onfine and in pri The database also listed each customer's appropriate mail server address, sign-on and password. Armed with such information, a malicious intruder could simply plug the data into his Microsoft Outlook Express account and download all of the users private e-mail. Washigeh & Another prominent feature on one of the sites was a tool that allowed visitors to track the Internet usage for each customer account. Such sensitive information usually is not obtainable even by federal investigators without a court order. Ameritech spokesperson Denise Koenig said the company immediately removed the directory and restricted access to the sites in question as soon as it was made aware of the problem. “There’s absolutely no issue that’s more important to us than the security and privacy of our customers,” Koenig said. “Although the directory contained aged user ID | 1 http://www.newsbytes.com/news/02/174719-html 3/11/02 j FBI(19-cv-1495)-1059 ,