EC-Council Acknowledges, Details February Hacker Attack

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

The International Council of Electronic Commerce Consultants (EC-Council) yesterday published a statement on its Web site acknowledging that a hacker who defaced its Web site on February 22, 2014 was able to access some EC-Council information (h/t Help Net Security).

The defacement, EC-Council explained, resulted from a DNS poisoning attack. After gaining control of the domain, the hacker issued a password reset request to EC-Council's e-mail service provider, which allowed the hacker to compromise some e-mail accounts before EC-Council responded.

"This resulted in unauthorized access to messages in those specific e-mail boxes for a short duration of time" the statement explains. "The potentially compromised accounts represent approximately 2 percent of their customer base."

While EC-Council hasn't yet been able to determine if any data in those e-mail accounts was compromised, all customers who have sent any personally identifiable information to EC-Council via e-mail are being notified of the breach.

"As a precaution, EC-Council strongly recommends that their affected customers remain vigilant for any unauthorized use of the information shared with EC-Council and that they alert EC-Council if they find any reason to suspect any," the statement notes.

Customers with questions are advised to contact accountsecurity@eccouncil.org.