The data that hackers Friday online are most likely not from a hacked server of KPN, but are possible in 2010 Baby-dump.nl stolen. At the end of last year reported Tweakers.net all that this store was unsafe.
KPN denied initially that there is customer information captured in the hack that Wednesday it became known, did the hackers know about 16GB of data to have won, but destroyed. Opposite Nu.nl denies the hacker now again with the publication of the login details of accounts of the provider to be: “we don’t want is wrong”.
The site reports that the KPN-customer data that Friday were published, correspond with that from a database that is not KPN. It would be to have a database of Baby Dump, a seller of baby products, in which only the addresses of KPN-customers are filtered.
“It seems that we have come from, but certainly it is not,” says a spokesperson of Baby Dump against Nu.nl. The fields in the by the hacker published data in terms of sequence, however, corresponds exactly to the structure of the registration form of a Baby Dump.
This probably has to dates from 2010 but it seems difficult to verify this because Baby Dump recently his system has updated to leak. In november last year were various leaks in several web shops discovered, including on the website of Baby Dump. In response to that disclosure, said Thuiswinkel.org earlier opposite Tweakers.net merchants to want to check for sql injection and xss leaks with the help of ready-made tools.
Earlier this week, unveiled Tweakers.net the hackers that break-ins at KPN may also have compromised on one or more core routers. It was therefore possible in theory to internet traffic at KPN customers to intercept, but the attackers would not have done it. The hackers would be using an exploit, into a core router of KPN that is used for the data traffic of customers to route. Possible it went to zero day: an exploit that was not yet known.