Essar Telecom Kenya, which operates under the Yu brand name have had their Webs ite hacked and defaced. A Web apage with the message "owned by golden zero " with an image of the supposed hacker appeared on the Web site for a while before it was replaced with an "under maintenance" page from Yu.

According to a reputable source, the Yu Web site had been audited by a German Security firm which operates locally and had been awarded a clean bill of health. The security auditors did not discover the server vulnerabilities which were exploited.  Information from a local security forum indicates that the security audit firm is not competent and usually uses CISA(Certified Information Security Auditor) templates in their audits thus limiting the scope of the audit. 

Our source has also indicated that the error message that was passed by the site when accessing some pages such as http://www.yu.co.ke/administrator/ might have helped divulge sensitive information about the server to potential hackers. The specific part of the error message is  "Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7a DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_jk/1.2.28 PHP/5.2.11 Server at www.yu.co.ke Port 80".