Billing system compromise - All shared, reseller and Virtuozzo VPS passwords reset

    Dear customers,

    The executive team and our senior system administrators have become aware of our billing system having been compromised in the past 24 hours. We are still investigating how the security breach occurred, but there is no evidence of a database dump. We are in the process of moving our billing system to a new server and changing the encryption algorithm used for both staff member logins and client data. We estimate this will be completed by 30/04/2012. Please understand we are doing everything we can to resolve this, and we will keep customers informed - we believe in complete transparency.

    We are undertaking necessary legal obligations because of the security breach. We will be notifying the Information Commissioner's Office regarding this.

    We have not noticed an increase in compromised accounts of clients and our initial research does seem to suggest the perpetrator wasn’t out to cause damage to our customers, but until we better understand the nature of this problem, we can not take anything for granted.

    Dedicated Server and Cloud Hosting clients are advised to change their passwords as soon as possible. Shared, Reseller and Virtuozzo VPS customers will be prompted to change their passwords as soon as they login to their control panel.

    Please read the eUK-Status blog post regarding this: The server/account login reset required - euk-status.com

    We will be e-mailing customers to relay this information very shortly.

    Please understand we are doing everything we can to resolve this and our customers are our utmost highest priority. We sincerely regret this incident. John Strong, Managing Director, will update the status of our investigations in due course.

    Kind regards,
    Ben Stones
    Customer Interaction Associate

    Updates:

    (As relayed via the eUK-Status article)

    Saturday, 28th April 2012

    Dear Customer,

    At this stage we would like to confirm that there is no risk to any payment details (such as credit card numbers) being compromised.

    Regards
    eUKHOST Ltd.

    Dear customers,

    All shared and reseller hosting (and Virtuozzo VPS) customers will be prompted to change their password when they login to their control panel within 24 hours after initial login. Please change your password to something completely different when required to do so. You can use KeePass Password Manager in order to generate and store random and sophisticated passwords for important services.

    Kind regards,
    Alex Parker

    Monday, 30th April 2012

    Dear customers,
    This breach has now been logged with the Information Commissioner’s Office. More news will be posted as it is received.
    Yours Sincerely,
    John Strong
    Managing Director
    eUKhost Ltd

    Wednesday, 2nd April 2012

    Hello,

    After deeply investigating the server this breach occurred on, we wish to reiterate that there is no evidence of data being copied or accessed on a wide scale. However, we still encourage clients to change their passwords. Those who are found to have a working password as per our billing system will have their password automatically changed and forwarded on to you.

    Yours Sincerely,
    John Strong
    Managing Director
    eUKhost Ltd

  • #2
    Shared customers are having their passwords automatically changed.
    If I change it myself will this help/hinder?
    Liverpool Website Design
    Paypal Tutorials



    • #3
      Originally posted by Mersey:
      If I change it myself will this help/hinder?

      Hi,

      You may change your shared/reseller hosting password if you wish to now. However, your account's password will be changed once our senior technicians implement this for all shared, reseller and Virtuozzo VPS customers. You'll be notified about this.

      We will keep you updated.

      Kind regards,
      Ben Stones.



      • #4
        Dear customers,

        All shared and reseller hosting (and Virtuozzo VPS) customers will be prompted to change their password when they login to their control panel within 24 hours after initial login. Please change your password to something completely different when required to do so. You can use KeePass Password Manager in order to generate and store random and sophisticated passwords for important services.

        Kind regards,
        Ben Stones.



        • #5
          Were any payment methods compromised, i.e. card details etc.?



          • #6
            Originally posted by Muddeh:
            Were any payment methods compromised, i.e. card details etc.?

            No, no such financial data was leaked. We don't store any such data on our servers; it is stored with the payment gateways. Only the account access credentials might have been leaked, hence this is a precautionary measure taken to ensure that no damage to customer data is done.
            Rock _a.k.a._ Jack Daniel

            Follow eUKhost on Twitter || Join eUKhost Community on Facebook



            • #7
              Originally posted by Rock:
              Only the account access credentials might have been leaked

              When you say the Billing system was compromised does that mean access to what I know as the "Client Area"?

              If so that would mean more than just the account access credentials may have been leaked because with these credentials you can get at more things like...

              If I click on Account Detail/My Account I can see my Name, Address, Phone number, email address, Company name.
              Under Hosting Details there is my username, all my invoices, details of my domains, email you have sent me in the past etc
              Liverpool Website Design
              Paypal Tutorials



              • #8
                Hello,

                Yes, the intruder had the ability to access this level of information. Although our logs indicate this person spent their time on just a few accounts, we can't rule out the possibility that our logs have been tampered with to hide the full extent of the intrusion.

                We will be reporting this incident to the Information Commissioner's Office on Monday morning. However, without a date of birth, name and address information is largely useless from an identity theft point of view, but it could potentially open people up to unwelcome communication (spam) and other potential scams.

                The immediate potential risk comes from gaining access to other websites, from which much more damage can be done.
                RsyNc.
                Support Team

                SKYPE: john_rodricks



                • #9
                  Originally posted by Rsync:
                  ... However, without a date of birth, name and address information is largely useless from an identity theft point of view

                  One reason why it's not wise to give your DOB on forums etc. I see yours can be seen on your forum profile for example.

                  I'm not trying to be smart here. Just trying to assess the level of potential risk.
                  Liverpool Website Design
                  Paypal Tutorials



                  • #10
                    Does all of this mean that our passwords are stored in plain text across the EUKHost databases? It's more than a little concerning if this is the case.



                    • #11
                      Originally posted by danwednesday:
                      Does all of this mean that our passwords are stored in plain text across the EUKHost databases? It's more than a little concerning if this is the case.

                      Hi Dan,

                      Because the perpetrator had access on an administrative level to the billing area, it was possible for the perpetrator to see the passwords that are in plain text in tickets submitted by customers. For example, if we require access to a customer's server we would need to ask them for their root password which is provided securely on a ticket within the client area. We are changing the passwords of all customer accounts as a precautionary measure (and requesting server and cloud hosting customers to do this on their side with urgency). As John has said, we are not taking anything for granted.

                      I am not aware that we store passwords in the database in plain text, however we promise complete transparency so I will get John to respond to you regarding your concern.

                      Kind regards,
                      Ben Stones.



                      • #12
                        Hello,

                        No, passwords aren't stored in plain text, they are encrypted. They can't be browsed from the database, for example. However, with a master administrator account they are decrypted when an account is viewed. In our new system we have taken additional measures to make it less susceptible to a similar breach.



                        • #13
                          I am being contacted by a number of clients who have received the compromise email and are asking me what exactly they need to do.

                          So that I can give them the correct information, can you detail the exact steps that are needed?

                          Also what is the position as regards the affiliate scheme?

                          Thanks in advance

                          John



                          • #14
                            Originally posted by lockettpots:
                            I am being contacted by a number of clients who have received the compromise email and are asking me what exactly they need to do.

                            So that I can give them the correct information, can you detail the exact steps that are needed?

                            Also what is the position as regards the affiliate scheme?

                            Thanks in advance

                            John

                            Hi John,

                            As of now, all that needs to be done is change your 'Client Area' password as well as your hosting account password. It is highly recommended that the passwords should not contain dictionary words and instead contain numeric and symbolic characters in order to ensure that the logins are completely secure.

                            About the affiliate program, if you have any questions about it or need any information, please feel free to ask.
                            Wordpress Hosting - Your Adventure, Your Story!
                            Website Security Bundle - Great Value Security Solutions in value-for-money package!
                            Follow eUKhost on Twitter || Join eUKhost Community on Facebook

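Post #12 above describes a billing system in which passwords are encrypted reversibly and decrypted whenever a master administrator views an account, and post #14 advises customers to pick passwords without dictionary words and with numeric and symbolic characters. The following Python is an added example, not eUKhost's code (the thread shows none), illustrating the defensive alternative: store only a salted, slow one-way digest so that even an administrator, or an intruder holding administrator access, can verify a login but cannot read the password back. The `AccountStore` class, the scrypt cost settings and the password generator are assumptions chosen for this example.

```python
import hashlib
import hmac
import os
import secrets
import string
from dataclasses import dataclass
from typing import Dict

# scrypt cost parameters: assumed values for this example, not eUKhost's settings.
# N=2**14 with r=8 needs about 16 MiB per derivation, which keeps offline guessing slow.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
DIGEST_BYTES = 32


@dataclass(frozen=True)
class StoredCredential:
    """What the database row holds: a per-user random salt and a one-way digest, never the password."""
    salt: bytes
    digest: bytes


def _derive(password: str, salt: bytes) -> bytes:
    # One slow key derivation; the same password and salt always give the same digest.
    return hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DIGEST_BYTES,
    )


def hash_password(password: str) -> StoredCredential:
    """Build the record to store. A fresh salt per user means equal passwords produce different digests."""
    salt = os.urandom(SALT_BYTES)
    return StoredCredential(salt=salt, digest=_derive(password, salt))


def verify_password(password: str, stored: StoredCredential) -> bool:
    """Login check: recompute the digest from the stored salt and compare in constant time."""
    return hmac.compare_digest(_derive(password, stored.salt), stored.digest)


class AccountStore:
    """Toy account table (assumed for this example). Even a master-admin view only sees salt and digest."""

    def __init__(self) -> None:
        self._rows: Dict[str, StoredCredential] = {}

    def create(self, username: str, password: str) -> None:
        self._rows[username] = hash_password(password)

    def login(self, username: str, password: str) -> bool:
        stored = self._rows.get(username)
        if stored is None:
            # Burn a derivation anyway so response time does not reveal whether the username exists.
            _derive(password, b"\x00" * SALT_BYTES)
            return False
        return verify_password(password, stored)

    def admin_view(self, username: str) -> Dict[str, str]:
        """The most an administrator (or an intruder with administrator access) can read back."""
        stored = self._rows[username]
        return {"username": username, "salt": stored.salt.hex(), "digest": stored.digest.hex()}


def generate_password(length: int = 20) -> str:
    """Random password mixing letters, digits and symbols, as a password manager would generate."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate) and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(c in string.punctuation for c in candidate)):
            return candidate


if __name__ == "__main__":
    store = AccountStore()
    pw = generate_password()
    store.create("alice", pw)   # "alice" is a constructed sample account
    print("login ok:", store.login("alice", pw))
    print("admin sees:", store.admin_view("alice"))
```

The contrast with the thread is in `admin_view`: with reversible encryption the console shows the password to whoever holds the master key, whereas here the only data anywhere in the system is a digest that an attacker must still guess against, one slow scrypt call at a time. Resetting every password after a breach, as eUKhost did, remains the right response in both designs, because an intruder with administrator access could also have captured plaintext in tickets or at login time.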


                            • #15
                              Originally posted by Ryan:
                              As of now, all that needs to be done is change your 'Client Area' password as well as your hosting account password.

                              I just read this and thought "Oh no, my Client area password. I forgot to change it"
                              I had been concentrating on the more important cpanel password but it was the client area that was hacked.

                              I have now changed my Client password but I don't remember being forced to change it when I logged in like you did with the cpanel ones.

                              You did make people change them, didn't you? Have I just forgotten?
                              Liverpool Website Design
                              Paypal Tutorials

