Did DISH get hacked? (why are their site/systems still down)
What happened to DISH? Did it get hacked? Those are common questions these days after DISH’s website, support and most of their internal systems went down on Feb 23rd, 2023. In short, yes. They had a security attack last Thursday that took down most of their systems. At least for the first few days, most remote employees weren’t able to VPN into work and, in general, DISH wasn’t reachable (sales and customer service). Over a week in, customer service is mostly back at full strength, though wait times are pretty long.
DISH’s current statement
The following is DISH’s official response on the hack (as of 3/4/23):
On February 23, we experienced a cybersecurity incident that has affected some of our internal communications, customer call centers, and internet sites. We immediately activated our incident response and business continuity plans to contain, assess and remediate the situation. Cybersecurity experts and outside advisors were retained to assist in the evaluation of the situation, and we notified appropriate law enforcement authorities […]
Our teams are making progress on the customer service front every day. We’ve increased our call center capacity, social media response capabilities and help ticket processing, but it will take a little time before things are fully restored. Due to a higher-than-normal call volume, calls to customer care may have longer-than-average wait times. DISH TV continues to operate and is up and running.
We appreciate your understanding while we work through this incident.
So, it appears some infrastructure has already been reset or sufficiently re-built. DISH.com, their other sites and other internal DB/systems are still being worked on. Full resolution is still TBD.
Has this affected DISH TV?
Minimally, if not at all. For most DISH customers that haven’t needed to contact DISH or access any advanced features, its been business as usual. The satellite and TV network was fortunately not exposed. All channels, the Hopper, HD, etc, all work. If you’ve tried to order something on PPV or change your plan somehow, you may have run into problems (depending on exactly what you’re trying to access). If so, your best bet is to reach DISH’s customer service directly: 800-333-3474.
Smaller things like DISH’s free monthly previews were affected as well. When March 1st rolled around subscribers didn’t get their usual new set of free programming. DISH obviously has bigger (infected) fish to fry but expect an extra programming bonus when all this blows over.
How exactly did DISH get hacked and what was taken?
The precise route of entry is likely known at this point (and patched). The hard part is figuring out what was accessed and if there’s a suitable back-up available. In most of these high profile intrusions, the perpetrators usually embed ransomware of some kind. It locks out the company from said systems and without a ransom being paid, access can often be (extremely) difficult.
Did personal info get stolen?
Possibly. DISH’s statement mentions that personal data may have been accessed. That means some account info could have been breached — we’ll know for sure DISH and their security team wraps their investigation. If it has, you’ll immediately get notified via email, phone and/or snail mail. Part of that process usually includes a free subscription to a credit monitoring service (for at least 6 months).
Why did this happen to DISH?
Unfortunately, we live in a connected world with malicious players around the globe. While I’m sure DISH could’ve done a better job securing their systems (better passwords, redundant layers, etc), it’s difficult for even the biggest of companies to patch every possible point of intrusion. For instance, Yahoo, Facebook, LinkedIn and Adobe have all been hacked in the past decade. In all those cases, stuff hit the fan during that intrusion window and user account info was accessed. In some cases, users weren’t made aware for months or years after the fact. What’s worse than a hack? When you’re not made aware and can’t take the steps to properly monitor all your accounts.
In this case, although DISH didn’t say much after the few days, they’ve been up-front with status to this point and I’d expect them to continue to do so until the situation is totally cleaned up.
As a DISH customer, how should I protect myself?
As a Yahoo and Facebook user, I’ve been through this process. In both cases, the vast majority of folks had nothing to worry about. I don’t take chances though. Here’s what I’d recommend:
- If not already, setup credit monitoring (plan for at least a year)
- Lock your credit (no one can create a new account under your name unless you explicitly give access)
- Monitor email or text notifications (with most monitoring services, you’ll get notified anytime ANYONE attempts to create or access your account, outside of typical norms)
In a nutshell, there’s no need to panic but definitely be more vigilant about your accounts than usual.
Where DISH goes from here
Never a fun process to deal with a hack — the brutal PR and technologically, getting everything back online. Ugh. By all accounts, though, DISH is taking the proper steps to get this dealt with. It’s easy to rush a weak fix – they’re not doing that. The satellite business has already taken a years-long hit with cord-cutting and all the streaming options, so this definitely won’t help. However, for folks that still value a local DVR (not cloud), a full line-up of live channels, live in an area without high speed broadband and/or just value DISH as a company (this issue notwithstanding), it’s still a viable TV option. I still have DISH and don’t plan on switching. Of course, I’ll be monitoring this situation closely, so opinions can change. But, for now, hoping they quickly resolve the remaining issues, learn from this, and get back to their company milestones asap.
^ back to top