A pair of malicious hackers say they demanded that Bell pay a $50,000 US ransom to prevent stolen customer data from being shared online, according to a person claiming responsibility for the theft.
That person — who communicated with CBC News via encrypted chat using the handle “exodus” — says a ransom email was sent to Bell on May 5, detailing the extent of the breach and the thieves’ terms.
Bell apologized to its customers last week after 1.9 million email addresses and approximately 1,700 names and phone numbers were stolen from the company’s systems and posted online. Links to the data were then shared across social media.
“We were literally inside Bell’s networks with access to everything,” exodus told CBC News. “It could have been much worse for them.”
Even after the breach was revealed, exodus claimed to still have access to Bell servers, and to have stolen additional data that could still be leaked — in particular, “all passwords for Bell customers.” They were unable to offer any supporting proof.
Bell previously told customers that “there is no indication that any financial, password or other sensitive personal information was accessed.”
If you are a Bell customer it would be wise to change ALL your passwords now.