Eircom first knew of the security flaw that could affect 250,000 of its broadband customers in March of this year, it has emerged.
The company was contacted by Kildare software engineer Peter McShane in early March to tell them that a problem with the set-up of its Netopia routers made them vulnerable.
Eircom representatives met Mr McShane to discuss the matter further, but, frustrated at the pace at which the company was moving, he informed the communications regulator, ComReg, at the beginning of September.
The problem relates to 250,000 Netopia 3300 and 2247 series routers that Eircom has sold in recent years. Due to the way security has been implemented on the products, hackers or anyone with a modicum of knowledge can access the networks without their owners' knowledge.
Eircom's head of communications, Paul Bradley, confirmed that the company had first been made aware of the problem six months ago. He said the telecoms operator entered into discussions with Mr McShane but then had to verify the nature of the problem and how it could be remedied.
"In the interim we have been putting in place the processes to address that," said Mr Bradley.
Mr McShane said he became curious last January when he saw a number of Eircom wireless networks in range of his parents' home with a unique 8-digit name. He subsequently purchased one of the routers and quickly discovered the flaw. Using the 8-digit network name he was able to access any of the Eircom networks.
Motorola, which now owns Netopia, released a short statement yesterday saying it was working with Eircom to enhance security on the products and directed customers to the Eircom support website.
Mr McShane said he believes the problem may extend not only to Eircom's Netopia routers but to other providers using the same product. On Tuesday Eircom said that AT&T, the largest telecoms provider in the US, and Covad, a specialist broadband company, are also "using the same method of security".
Mr Bradley said e-mails and letters would be sent to customers this week informing them of what action they need to take to secure their connections.
He reiterated that the issue is still a "potential security problem" as no Eircom customers have reported anyone else using their networks.