StarHub detected a spike in data traffic to its domain name servers (DNS) last week, affecting the home broadband connection for some customers.
"There was no impact on mobile, enterprise and home voice services, and the security of our customers’ information was not compromised," StarHub said in an initial statement.
Later on the same day StarHub said that "we are now able to confirm that we had experienced intentional and likely malicious distributed denial-of-service attacks on our DNS". These were "unprecedented in scale, nature and complexity", it said.
Three days later, a third statement admitted that some customers' internet-connected devices "were likely accessed without their knowledge" during the attacks. The company is now arranging home visits by 'HubTroopers' who will "conduct an on-site investigation" and then help customers to secure any unsecured devices. This may include installing anti-malware software, changing default passwords, updating device software, or replacing devices, StarHub said.
"Compromised devices can be likened to a home with an open or unlocked backdoor. In the internet world, such unprotected devices can potentially allow unauthorised access to sensitive data, like passwords, credit card information, and video streams from webcams. Unbeknownst to the owners, these devices can also be used as an army of cyber weapons for malicious activities," StarHub said.
"We would like to rally everyone to play an active role in cyber security readiness," it said.
Singapore plans to launch a new cybersecurity strategy next year, strengthening its IT infrastructure, increasing cybersecurity capabilities and increasing collaboration with other countries.