FOR IMMEDIATE RELEASE
Klas Telecom Responds Quickly and Mitigates Compromise of Legacy Helpdesk System
April 4, 2014
Washington, DC – On April 3, 2014, Klas Telecom’s legacy helpdesk system was attacked by the hacktivist group NullCrew. A thorough security audit has been performed and measures have been taken to identify and eliminate vulnerabilities.
Although this helpdesk system has not been actively used in over two years, it is possible that names, email addresses, phone numbers, password hashes and queries on products sent to the helpdesk system between 2007 and 2011 may have been accessed by these attackers.
Klas Telecom notified those potentially affected and provided recommended actions to mitigate any potential consequences. The current customer support site used by Klas Telecom since December 2011 was unaffected and continues to be secure. The affected site has been taken offline and Klas Telecom has conducted a thorough security review of all other systems as a precaution.
There have been similar password hash leaks from other companies in the past 18 months, including Adobe and LinkedIn. If passwords used on the Klas Telecom helpdesk were reused on those or other sites, there is increased risk that password hashes could be used to determine a password used with the Klas Telecom help desk system at that time. However, those who have changed their passwords since December 2011 or who have complex passwords run less of a risk of this occurring.
Notwithstanding, affected users should change passwords particularly on sites where they may have reused any password used for the Klas Telecom helpdesk system between 2007 and 2011. This only applies to users who actually logged into the helpdesk system and chose a custom password rather than the default password. As always, users should be on the lookout for suspicious emails seeking personal information.
Inquiries or concerns regarding this data breach can be addressed to Ryan Kendrick, Klas Telecom’s chief technology officer.