Two major Usenet providers, UseneXT and Usenet.nl have suffered from a data breach. They are blaming a third party for the breach.
Usenet providers offer access to the Usenet network – a network of servers that store messages that enables the downloading of files. For a small fee, users can have access to files with retention much longer than typical free services. Additionally, many providers offer a layer of security as well, keeping users safe and their information private. So, little wonder why they have become so popular over the last two decades or more.
Unfortunately, two usenet providers, UseNeXT and Usenet.nl have suffered from what some are describing as a major data breach. The breach has resulted in downtime for both services. Both providers, of course, are not small players in this game either. As a result, this has caused some pretty big disruptions for many users. From Security Boulevard:
A snippet of UseNeXT’s notice reads: “We are currently analyzing what damage may have occurred. For security reasons, all systems are currently offline. Therefore, we cannot be reached via the Internet, email or call center”.
The two providers have also warned potential victims about the risks of unauthorized access to their account information that may include full name, billing address and payment data used for their subscription, such as IBAN and account number.
Since the perps may have stolen personal identifiable information and financial details, the companies are urging subscribers to be vigilant and take the following preventive measures:
• Change the password for your Usenet account and any other online accounts that shared the same login credentials
• Review your account settings and check if the automatic forwarding of messages is enabled – as this could indicate unauthorized access
• Keep an eye out for any suspicious charges on your accounts
• Ignore any suspicious emails that might appear in your Inbox and do not click on any links or provide additional personal informationThe two platforms remain offline for now, and there’s no ETA for the services’ restoration.
One of the big selling points for Usenet providers is the fact that their systems are secure. For some, logs aren’t retained. For others, the connections are heavily encrypted. Privacy is certainly top of mind for many of these providers regardless. So, while, from the security standpoint, this is just yet another data breach to add to the pile, for the world of Usenet, this is a huge deal. Things like this simply doesn’t happen in the world of Usenet – and if it does, it’s typically a small provider run by people who don’t really know what they are doing. So, with a major provider being impacted, everyone in the Usenet community takes notice at the very least.
Even when the providers come back to full operation, this still represents a major risk to their reputation as a secure service. Even if it has nothing to do with download activities, encryption, or logging, there’s still that problem that some people might be looking at these providers with suspicion anyway. So, while it might take a bit of time to restore services, recovery from a reputation standpoint could take much longer.
Drew Wilson on Twitter: @icecube85 and Facebook.
