THOUSANDS OF EIR customers’ data may be at risk of being stolen because of a fault with a piece of internet hardware, or modem, supplied by the company.
Earlier this month, their system was reportedly hacked, exposing a security gap.
When contacted by TheJournal.ie, Eir confirmed “a portion of our broadband modems, approximately 30%, may have this security vulnerability”:
Eir has been made aware of the potential security vulnerability concerning two of our broadband modems, the Zyxel D1000 and Zyxel P-660HN-T1A devices.
“We have been working with Zyxel, the supplier, and we have deployed of a number of solutions both at the device and network level which will remove this risk.”
“All of the potentially affected modems are now protected with the network mitigation we have taken. We continue to deploy the firmware patch.”
By September of this year, Eir reported that there were 867,000 customers signed up to their broadband service.
Although other broadband suppliers such as Virgin and Three said that the same security risk does not apply to them, there could be issues for those who already had these modems before joining a network.
In a statement released to TheJournal.ie, Vodafone said that although they don’t distribute ZyXEL D1000 modems, anyone who had one of these modems before becoming a customer of theirs could be at risk.
“Only a small number of Vodafone customers using these older third party modems are potentially affected in this case. The majority of Vodafone customers use Vodafone managed devices.”
But CEO of Cyber Risk International Paul C Dwyer said that the issue of device vulnerability is much more widespread than people realise, with “hundreds of thousands of cyber attacks” occurring every week.
“People don’t update their devices because they don’t have time, or they don’t know how.
There’s a grey area over who is responsible to maintain these systems – is it the user, or is it the company?
“When you’re robbed on the street, something is physically taken off you, so you know you’ve been robbed. But online, they duplicate your data, so there’s not the same awareness out there – someone could be selling a bundle of your information on The Dark Web [or the black market of the internet] and you wouldn’t know it.”
The reason people aren’t aware of it, he says, is that the attacker often demands secrecy.
He says that two of the most common forms of hacking is ‘ransomware’, where a piece of software blocks access to your computer until a sum of money is paid; and bringing a user to a sight that might look like a duplicate of their bank’s but is in fact a ruse to get their banking details.
Security advice
As well as the additional measures Eir has taken to secure their systems, they recommend that “customers with these modems should change the administration password for the modem as well as their WiFi password”.
Instructions on how to do this are available on the customer support section of their website, as well as the user guide issued with the modem.
Eir has reported the security vulnerability to the Office of Data Protection Commission and Commission for Communications Regulation, which they are obliged to do once a security breach is detected.
To embed this post, copy the code below on your site
have your say