Vodafone Iceland is now in the middle of an investigation into how its website was attacked and customer data information, including SMS messages, were leaked to the public.
On November 30, the company's Icelandic website was defaced by attackers and subsequently taken offline. At the time, Vodafone did not believe that any confidential information had been stolen, and vowed to return to service.
The next day, however, Vodafone said on its Facebook page (in Icelandic) that despite its initial assessment, confidential customer data had, in fact, been accessed by the attackers. It apologised for this fact, and also advised its customers to change their passwords where they may have reused them elsewhere.
Turkish hacktivist group Agent claimed responsibility for the breach, defacing Vodafone's site with its group insignia, leaving the message, "nsa, mola vakti", and providing a link to SQL dumps of its customer databases.
The information has since been removed, and Vodafone is asking that others do not share it in order to protect innocent users' privacy.
ZDNet has sighted the stolen information, and can confirm that it contains customer names, phone numbers, email addresses, and social security numbers.
Some databases contained several entries showing common strings used in testing for SQL injection, interspaced with seemingly legitimate entries, indicating that this latest intrusion may not have been the first time that attackers had attempted to gain access to Vodafone's customer data.
Other databases contained the SMS history of customers.
Vodafone has confirmed that the SMS messages exposed were limited only to those sent from the Vodafone website and not via handsets. It also confirmed that the databases did not contain any credit card or bank details, unless that information was in an SMS sent from the website.
Vodafone CEO Ómar Svavarsson said that the company's security is constantly under review, and that although it conducts regular security audits, its attackers were one step ahead of them this time.