[BreachExchange] Two Usenet providers blame data breaches on partner company

Destry Winant destry at riskbasedsecurity.com
Thu Apr 30 10:16:48 EDT 2020


Two companies that provide Usenet services have disclosed security
breaches today. The two companies, UseNeXT and Usenet.nl, blamed the
breaches on "a security vulnerability at a partner company."

Neither UseNeXT nor Usenet.nl has named the third-party company whose
software enabled the intrusion. It is unclear if this is referring to
a Usenet desktop client or a server-side service.

Both Usenet providers have now shut down their websites to investigate
the breach.

According to a near-identical message posted on both sites [1, 2], the
two companies say the intruder gained access to information such as
names, billing addresses, payment details (IBAN and account number),
and other information users provided during the process of creating an
account on the two websites.

The two companies provide a paid service that allows users to connect
to the Usenet network.

The Usenet network is one of the earliest forms of the internet, and a
precursor of the world wide web. More precisely, Usenet is an
interconnected network of nodes through which users can share news and
have discussions, similar to a modern-day bulletin board system.

Access to the Usenet network is done via special apps and entry nodes
(providers). UseNeXT and Usenet.nl provide a paid service to access
Usenet at high speeds, since modern free Usenet access is slow, rare,
and not inherently secure.

Following today's breach announcement, both UseNeXT and Usenet.nl are
now telling customers to reset account passwords as soon as their
websites come back online, and review all Usenet account settings for
unauthorized changes -- such as new automatic message forwarding.

Since payment data was also exposed, the two also recommend that
customers watch out for suspicious debits or charges on bank accounts
going forward.

Emails from UseNeXT and Usenet.nl should also be considered at a
higher risk of containing malicious links and phishing attempts, the
two companies suggested.
