The International Council of Electronic Commerce Consultants (EC-Council) yesterday published a statement on its Web site acknowledging that a hacker who defaced its Web site on February 22, 2014 was able to access some EC-Council information (h/t Help Net Security).
The defacement, EC-Council explained, resulted from a DNS poisoning attack. After gaining control of the domain, the hacker issued a password reset request to EC-Council's e-mail service provider, which allowed the hacker to compromise some e-mail accounts before EC-Council responded.
"This resulted in unauthorized access to messages in those specific e-mail boxes for a short duration of time" the statement explains. "The potentially compromised accounts represent approximately 2 percent of their customer base."
While EC-Council hasn't yet been able to determine if any data in those e-mail accounts was compromised, all customers who have sent any personally identifiable information to EC-Council via e-mail are being notified of the breach.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=i
"As a precaution, EC-Council strongly recommends that their affected customers remain vigilant for any unauthorized use of the information shared with EC-Council and that they alert EC-Council if they find any reason to suspect any," the statement notes.
Customers with questions are advised to contact firstname.lastname@example.org.