iiNet Kept A Hack On The 3FL Gaming Forum Secret For Three Goddamn Months

This. This is why we need mandatory data breach notification laws. Right now, we don't have them, and it allows companies like iiNet to get away with crap like this: iiNet's gaming portal, 3FL, was hacked and defaced in June. Now, in October, we find out that hackers scored a list of registered email addresses and have been spamming them ever since. For shame.

Delimiter got hold of an internal email from iiNet's operations centre manager sent in June. The email is addressed to the iiNet executive team and confirms the attack on the 3FL site.

iiNet reportedly took the site down after a defacement before investigating and subsequently confirming that a breach had occurred. iiNet staff were advised that no public communications were to take place surrounding the attack. There's your first mistake, iiNet.

The second mistake came on the Whirlpool forums where -- despite posts to the contrary -- an iiNet rep said that, even after a decent amount of investigation, the company couldn't find any breach. All the while, 3FL members were getting spammed by the attackers.

iiNet's chief technology officer John Lindsay called the farce to a close this week after finally admitting that the breach had in fact taken place.

Head on over to Delimiter for Lindsay's full statement on how it all went down. Needless to say, iiNet has handled this really badly. Poor form, iiNet. [Delimiter]



    That's pretty bad. I'm often quite cynical of Gawker since I got caught up in their breach a few years back, but at least they were very transparent about the whole thing. As an aside, while I wasn't happy to be one of the victims in that case, it did lead to me having a better password policy... namely a different password for each site I use.

    Oh yay, now I know why I'm getting more spam, thanks iiNet!

    Let me guess, people still using a "[email protected]" instead of "[email protected]"?
    Duh! If you're not smart enough to use a yahoo/hotmail/gmail as your email for any publicly subscribed service/forum/form, you deserve all the spam coming your way.

      Doesn't diminish the fact ISPs should be keeping their forums more secure, notifying of breaches and keeping their spam filtering software up to date.

      Not everyone is as tech-minded as you.

      I own a few dns host names, so trash/personalised emails are a few clicks away, don't even need a password! But for my parents? I've offered to get them a nice handy '[email protected]' and they're happy with their ISP.

      Just because it's better doesn't make it right.

    Definitely for shame... Doesn't get out in the general media as it's only a gaming site and only nerds play online blablabla... if this had been a Telstra presented site, gaming or not, there would have been a royal commission about it... and a lot more braying from the rafters...

    I am seriously disgusted by any organisation that knows about a breach and does nothing.

    I would rather be informed when they doubt anything was taken.
    ^ And that's why.

    This is just part of their new ad campaign.

    Tell your customers about being hacked
    Keep it secret.
    Why wouldn't you choose what's better?

