Late last week after an outage, Ziggo discovered that the e-mail accounts of some six hundred customers had been cracked. The perpetrators possessed e-mail lists combined with passwords. The Internet provider blocked the accounts in question. A Ziggo spokeswoman confirmed the hack to De Telegraaf (1).
Last week, Ziggo noticed that unauthorized persons had access to the e-mail accounts of about six hundred customers. They managed to crack the Ziggomail accounts by using lists containing the login credentials of Ziggo customers. Some of the invaded e-mail accounts had passwords set up that were easy to guess.
How the attackers got the email lists with passwords is a mystery. The spokeswoman says Ziggo cannot find out. "That could be several external sources," she told De Telegraaf. How long the attackers had access to the accounts is unknown.
The cracked accounts have been blocked by Ziggo. Those affected have received a letter on how to unblock them. The provider has reported the incident to the Autoriteit Persoonsgegevens.
As mentioned, Ziggo does not know where the e-mail lists the hackers used came from. One possibility is that they came from the data breach that occurred in March 2023 at Nebu B.V., a Wormerveer-based software developer. In less than an hour, the attackers managed to obtain personal data of some two million Dutch citizens. This included items such as first and last names, residential addresses, e-mail addresses, telephone numbers, dates of birth, gender, nationality and financial information such as income and pension details.
In late March, Nebu B.V. informed the first victims about the incident. NS (2) was the first party to disclose. The railroad company told that private data of about 780,000 train passengers had been stolen by hackers. After the NS, VodafoneZiggo (3), Heineken (4) and health insurer CZ told that the same thing had happened to them.
Other victims of the Nebu data breach included the International Film Festival Rotterdam (IFFR), the Royal Dutch Golf Federation (NGF), ArboNed, ProRail, the Rotterdam pupil transport company Trevvel, the National Postcode Lottery, housing corporations Stadgenoot (5), Vivare and Haag Wonen, and pension funds PME and PFZW.
Data sets containing e-mail addresses and passwords are regularly offered for sale on dark web forums. Hackers and cybercriminals use these to gain access to online accounts of unsuspecting victims. Once inside, they pretend to be the victim, for example by ordering all kinds of luxurious products or transferring money to their own or money mules' bank accounts.
Security experts recommend using strong passwords for all your online accounts, and changing them regularly. In addition, it is wise to use a different, unique password for each account. If you want to completely secure your account, it is recommended to enable multifactor authentication. In addition to a username and password, you also need an access code. You usually receive this by text message, or authenticator app.
(1) https://www.telegraaf.nl/financieel/2076590321/na-storing-ziggomail-blijken-600-accounts-gekraakt-onbekend-waar-hack-vandaan-komt
(2) https://www.vpngids.nl/nieuws/leverancier-ns-getroffen-door-datalek/
(3) https://www.vpngids.nl/nieuws/ook-vodafoneziggo-getroffen-door-datalek/
(4) https://www.vpngids.nl/nieuws/klantgegevens-heineken-en-cz-op-straat/
(5) https://www.vpngids.nl/nieuws/woningcorporatie-waarschuwt-15-000-klanten-voor-datalek/
