Source: Telecom Paper
South African ISP Afrihost has agreed to acquire a majority stake in Cool Ideas, MyBroadband reported, subject to the necessary regulatory approvals. Afrihost and Cool Ideas are working to finalise the transaction as soon as possible. The parties hope to leverage the economies of scale of a larger network.
Cool Ideas will continue to operate as a stand-alone brand and business with the same management team and employees. All its original shareholders, including founders Andre Jooste and Paul Butschi, will retain stakes in the company. The other Cool Ideas shareholders are Roelf Diedericks and Shane Rees-Gibbs. Finances related to the deal have not been disclosed.
The majority stake in Cool Ideas will make Afrihost a significantly bigger player in the South African fibre ISP market. Afrihost already owns a majority stake in Axxess, one of the country’s premier service providers. This acquisition will create a powerhouse with three of South Africa’s top ISPs under the same umbrella. Cool Ideas was founded by Jooste and Butschi in 2011 when they explored prospects for starting a hosting business.
They also considered business offerings on the DFA network, but when Vumatel started deploying an FTTH network in Johannesburg, they saw a big opportunity. Cool Ideas partnered with Vumatel to offer fibre services in areas where it had coverage. The ISP showed rapid growth and started to offer fibre-to-the-home products on other fibre networks, including Openserve, Frogfoot and Octotel.
Fin24 recently publishing article with the headline: “Massive Afrihost security flaw exposed”.
The article stated that “a massive security flaw” left the ADSL credentials of users vulnerable. The situation was brought to light by a Durban software expert, Taylor Gibb, who recently posted on Facebook that “Afrihost staff had been able to provide ADSL account credentials to users over the phone, leaving information at risk”.
Afrihost has released the following statement:
1. There was no breach of data at any time
No databases, personal information, payment information or account details have been breached or hacked in any way. The article is based on hypothetical scenarios conceived by the author of the article, who was never (at any time) in possession of the data mentioned.
2. Our clients are not at risk
Since no data was actually obtained, our clients are not at risk at all. We have also now ensured that consultants cannot view encrypted data, so there is no risk to clients whatsoever (based on the scenario in this article).
3. Passwords were never stored in plain text
The writer makes several assumptions regarding the state of personal data, such as passwords being stored in plain text, which are inaccurate. Passwords are encrypted.
4. The information relates ONLY to ADSL usernames and passwords
No payment information, personal information or ClientZone user login information were ever at risk. At absolute worst, the information in question could only be used to login to an ADSL account (and one that allows concurrent logins). Any client could still view their ADSL sessions via their ClientZone and request any unknown numbers be blocked from accessing their account. There would be zero possibility that these details could ever lead to obtaining payment or personal information.
5. Our team of staff are trustworthy
The article only refers to scenarios where a staff member of Afrihost could access vulnerable information. Our staff have no motivation to steal data from our clients, as they receive free internet for both fixed line (DSL or Fibre) and Mobile Data. In many cases, our staff give out their personal accounts to help our clients test their connectivity. While we did trust our staff with access to passwords – this ability has since been removed – this was always subject to identity verification. However, we have removed this feature for our client’s peace of mind and will find new ways to ensure that our clients enjoy the same level of convenience when interacting with our consultants.
We’ve always had to balance our need for increased security and safeguards with our client’s convenience. Changes to our security is in ongoing development at all times, and we had planned to devise a convenient way to roll these out with minimal impact to our clients.
As mentioned, no data was breached, no personal information was compromised and not a single client was adversely affected in any way.