Orange suspends extranet after attack
Enable disabled
Steps to Take Before Choosing a Business Continuity Partner
Orange has had to suspend access to its "Enable" system since last Thursday when it became aware that a third party was trying to access the credit checking and connection management system.
In a statement, Orange said someone tried to get in to the system, which is designed for internal and external sales people. Orange wouldn't be drawn on what data, if any, was compromised. The system is designed to manage customers wanting upgrades or coming to the end of their contract, so it seems likely that the attacker was someone who could gain financially from that information.
The most obvious candidate would be a contract reseller, who wanted to call up Orange customers coming to the end of their contracts. Such companies have, in the past, been reduced to calling people at random in the hope of hitting someone near renewal, so they would certainly be interested in details of customers nearing the end of their contracts, including their eligibility and credit rating, as well as name and number.
So, if you're an Orange customer getting suspicious calls offering you a new contract, let us know.
The Reg understands that new usernames and passwords have been issued to legitimate Enable users, though the system isn't fully operational and Orange says it is still investigating. So don't hold your breath. ®
COMMENTS
THat explains a lot...
I'd been receiving calls from contract re-sellers for the last two months, which i thought was odd as this is my first 18 month contract, so it's not as if they've stuck 12 months on my last renewal date - but i just thought it was orange selling the customer list.....
I wondered what was up
I tried to top up from like wendesday until friday, managed to at 10 o clock on friday and she put it through twice, it kept saying "we have loads of customers" and "the system is down" etc. Left in the dark pretty much though. It sucks
Orange registrations were also broken this week
Is this connected at all with the fact that Orange SIM registration seems to have been broken all week.
At the beginning of the week I registered my SIM on the website, was told it was successfully completed, given my phone number and told to expect an SMS activation within 24 hours. I am still waiting now. Yesterday I called Orange and was told their system was down all week and they couldn't register anyone.
Today Orange registrations are apparantly working again, but they have no record of my SIM or phone number. They are telling me they don't exist, and expect me to just throw away a perfectly good SIM, number and all my printed stationary as well as re-inform everyone I know of a new number! This is quite ridiculous, and I'd invite any Orange employees reading this for their comments.
harryinlondon
http://www.abikecentral.com
IT infrastructure monitoring strategies
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
Data control in the cloud
Cloud based data management
Agentless Backup is Not a Myth
