RE: February 22nd, 2014 Security Breach on EC-Council
On February 22nd, 2014 at approximately 8PM EST, the domain www.eccouncil.org was redirected to an ISP in Finland. Immediately EC Council’s Internal Security Response team initiated a comprehensive investigation.
EC-Council’s Security Team has confirmed no access to any EC-Council Servers was obtained, the domain redirection was done at the DNS Registrar and traffic was re-routed from Authentic EC-Council Servers to a Host in Finland known for hosting other illegal websites. EC-Council immediately began exercises in security precaution to fortify against any further attempts. EC-Council immediately opened cases with the United States FBI as well as international Law Enforcement to apprehend this individual and launched a full analysis of third party vendors where the security breach was allowed.
The affected records reside with a Third-Party, ICANN certified DNS Registrar and though EC-Council has terminated service there and moved, DNS propagation will take some time. During the DNS propagation period, eccouncil.org will be unavailable to the public. While EC-Council Servers remained untouched and running, the third-party DNS registrar remained affected through the day on Sunday February 23rd and into the morning Monday February 24th. EC-Council in Cooperation with domestic and foreign Law Enforcement as well as Judicial Systems will continue to investigate the incident.
EC-Council will release additional information through its official Facebook page as well as LinkedIn as details come available.
Original statement located on their FaceBook Page – https://www.facebook.com/ECCouncil