We need your help now
Support from readers like you keeps The Journal open.
You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.
If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.
Sign in. It’s quick, free and it’s up to you.
An account is an optional way to support the work we do. Find out more.
By continuing, you are indicating that you accept our Terms of Service and Privacy Policy.
BROADBAND SUPPLIER EIR has confirmed that it has taken every measure to protect customers’ data, but did not rule out the possibility that some customers’ data may have been accessed after a “vulnerability” was found in its modems.
The company will contact 130,000 customers to advise them to reset their modems, and have said that at least 2,000 devices were breached.
As of yet, Eir has no idea who was responsible for the hack and has informed the government and the Data Protection Commissioner on the case.
Speaking on RTÉ’s Morning Ireland, Eir’s director of communications Paul Bradley said that the company became aware of a potential security vulnerability after details surrounding the risks were posted on the internet.
“It came to light because there was a post online,” he said.
Eir raised the issue with their supplier, who confirmed the security risk on 22 November.
“We immediately took steps to protect the customer,” he said. He added that once the suspected malware was found on a number of devices, action was taken to reset the modems and secure the devices and customer data.
What this means is that we have an indication that a third party tried to get unauthorised access. At this time, there’s no indication that any customer data has been accessed.
When pushed on if it was possible customer data may have been accessed that Eir was not yet aware of, Bradley said that could be the case.
Last weekend, it emerged that thousands of Eir customers’ data may be at risk of being stolen because of a fault with a piece of internet hardware, or modem, supplied by the company.
In a statement to TheJournal.ie, Eir confirmed that “approximately 30%” of its modems may have this “security vulnerability”.
“Eir has been made aware of the potential security vulnerability concerning two of our broadband modems, the Zyxel D1000 and Zyxel P-660HN-T1A devices,” they said.
The company is advising all of its customers to reset their modems as a precaution. The 12-step guide to resetting the modem can be found here.
Along with the steps already taken by Eir, resetting the modem “should secure the device and solve the problem,” according to Bradley.
As for who was behind the attack, Bradley said that “we don’t know who was responsible”. He added that Eir has informed the Data Protection Commissioner, the Department of Communications and the government’s cyber security body about the breach.
To embed this post, copy the code below on your site
Eir are utterly utterly utterly technically incompetent…
From dealing with these people it is clear to me that the company still has not shaken off the stench of telecom eireann, a lot there still think and act like they’re public servants giving crappy customer service
@john barnes:
Changing a company name does not change it’s staff or culture. You can call a shite whatever you want but it’s still a shite.
Eir heads.
@Get Lost Eircodes: And yet I remember the sea of red thumbs I received for pointing this out to people in multiple comments sections on similar reports to do with compromises of various web-based enterprises.
Home networking equipment is terrible by default. As someone who works in cyber-security I maintain a decent hardware firewall behind my router and I routinely check the logs of both that and the router itself. Anyone who does the same will see their IP being scanned hundreds of times per day. This includes any devices they are passing through the router, such as webcams, which are directly exposed to the internet.
As a proof of concept I’ve just done a very cursory scan of the IP range assigned me by my ISP. My tool (not the best one you can get by any stretch) found 23 “Critical” vulnerabilities on just the most common ports and protocols. It looks like just over half of them are hardware devices (webcams or printers etc.) and the rest OS vulnerabilities tied to Win XP.
Long story short, right now cyber-criminality in the home-sphere is immature but as more and more criminals become tech savvy and more industries increase their cyber-resilience we will see a shift in what is viewed as the lowest hanging fruit. This *will* be a real problem, likely within the next 5-10 years. People relying on their ISP and current behaviour patterns to secure themselves at that point will be in a lot more trouble than they are now.
@Get Lost Eircodes: Actually 900k customers in Deutcshe Telekom and 100k UK customers of TalkTalk and UK Post Office were also impacted by the same issue.
https://www.bleepingcomputer.com/news/security/mirai-botnet-behind-internet-problems-for-100-000-talktalk-and-uk-post-office-users/
https://www.rte.ie/news/2016/1205/836708-eir-broadband/
@John Considine: Well said
What about sky modems
@john barnes: takes years to wash that “good enough for government work” stank off.
You’d want to be off your head having any dealings with a company as awful as this one.
In fairness, I’ve been a meteor customer for years and never had a problem with them.
Incompetence doesn’t even scratch the surface. Of course there are individuals who are highly technically minded but as a whole it’s a disaster. Teams, who are supposed to work together, don’t share information or knowledge. And the management? that’s where the incompetence lies. I worked in eircom for 18 months, left due to utter frustration.
Remember the time you could crack any Eircom Wifi because the router’s SSID (wireless network name) was directly related to the Encryption key!
Change passwords and install firewall’s is my advice for anybody paranoid about their tech security.
There was even an app for that.
@Brian Fitz: This actually sounds like the old “admin” router entry, the reset should prompt a new password. Hard to believe a major provider is still so sloppy, t’was the first port of call back in the day. The “0000″ default on kepads was another one, kids will try anything with tech and rightly so. It’s up to Eir to provide the security, that’s what they’re paid for, the rest is basically just pointing radio signals at a house.
Cowboys!
@Cormac Laffan: The database that held the WEP keys for Eircom routers was hacked and put on line, All you had to do was enter the SSID into an iPhone app and it would return the necessary WEP key allowing you immediate access into the WLAN of anyone who had not changed their default SSID.
Although your world wonders me
With your majestic and superior cackling hen
Your pickle I do not understand
So to you I shall put an end
Then you’ll never hear surf music again
Strange beautiful grass of green
With your majestic silver seas
Third Stone From The Sun by Jimi Hendrix was the song used in encryption to generate WEP keys.
Picture this,the CEO and chief Engineer is munching on a sandwich on their lunch break and decides to have a look at the news online and the journalist knows there is a security breach and they don’t!
Ok, before ye go any further the issue is with Zyxel, the manufacturers of the modems not EIR. EIR are only one of several reputable ISPs who use zyxel routers.
@Jordan Salanger: Except they don’t roll out updated firmware as a maintenance practice.
How old was the firmware on the devices in the wild?
Fire & Forget is their policy.
@Jordan Salanger:
It is eir that selected Zyxel as a partner to provide the modems. It is 100% eir’s responsibility to manage the quality of their supply chain.
Ironically their first modem locked out this flaws open port, then they bought zyxel and nobody gave a toss about security. Who knows about their current modems. Hopefully this new ddos army will attack Eir as punishment. Wonder could you sue Eir if you were attacked by these routers…
There’s a lot of( air) in their eir technicians brain.
I regularly assist friends/family etc with their home networks and PC’s. If they are an Eir customer, 99% of the time I can get straight into the router using the Admin ID. The Admin passwords are all the same by default unless changed by the owner (which is very very rare).
My internet was hacked, someone put porn in my Internet browser history
Should rebrand to Error
Does resetting the modem update the firmware? If not, this isn’t going to solve the problem….
@Piero Tintori: No it just has to be infected again on the next malware pass, exploit is still there waiting to be infected.
Eircom business technicians always seem to travel in pairs of vans. I remember one time two vans arrived to my workplace to stick a label on equipment they installed the day previous. Nothing else to be done, apart from a long lunch break. No wonder their services are priced over the top..
I noticed that too. A tall monkey for high up things and a shortarse monkey for low down things…
Eir are without a doubt the worst ever communication supplier in Ireland .. They simply couldn’t give a flying shirt about there customers. .They employ the most untrained un careing staff on the planet. F— them
Only a firmware update will sort this out here’s a link to the guy that found the issue and what the issue is https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/
@Mike Nixon: Interesting link. I see it is dated 7th of November…good to see Eir were quick to act, only took them a month.
Buy a new router with VDSL connection ability.
If you are going to wait on Eir(com) then you will have problems.
@eastsmer #IRExit: Businesses should go for something closed source & European like a LANCOM. Not some Chinese muck that is leaking like a sieve because it has so many back doors.
“The company is advising all of its customers to reset their modems as a precaution. The 12-step guide to resetting the modem can be found here.”
How are they advising us? By waiting until it’s reported weeks after?
My UPC modem was down last night and other UPC customers in my area couldn’t acces the internet could this be related?
have your say