Announcement

Collapse
No announcement yet.

Billing system compromise - All shared, reseller and Virtuozzo VPS passwords reset

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by Mersey View Post
    I just read this and thought "Oh no, my Client area password. I forgot to change it"
    I had been concentrating on the more important cpanel password but it was the client area that was hacked.

    I have now changed my Client password but I don't remember being forced to change it when I logged in like you did with the cpanel ones.

    You did make people change them didn't you. Have I just forgotten?
    Hello,

    The client area passwords are encrypted in a different field to the server passwords and it can't be decrypted in a similar way like those with a master administrator account.

    We are confident no database copy was taken and therefore those passwords are considered "safe" in their encrypted form and obviously with no copy taken. However, even those passwords will go through a force reset shortly. It's a lot of work to make all the changes we have since the incident and we have been prioritzing the most important tasks. The first step was to lock down the system very tightly and reset passwords which we thought posed the highest immediate danger.

    Comment


    • #17
      Oh dear, this doesn't sound good at all! .

      Hope every things managed to be sorted now. Are there any further updates on this?
      David Smith
      Managing Director
      DPS Computing Limited

      - Massive update! (September 2011) - It's now not neglected!!
      - New Site (10/2009)

      Comment


      • #18
        Originally posted by DPS Computing View Post
        Oh dear, this doesn't sound good at all! .

        Hope every things managed to be sorted now. Are there any further updates on this?
        Hi David,

        There isn't any further news otherwise we would of posted about it here. We had migrated the billing system onto a new server and implemented the security measures we needed to take. Management had also forwarded information of the breach to the Information Commissioner's Office on the 30th April.

        Comment


        • #19
          Thanks for the update Ben . Glad to hear that its all sorted now .
          David Smith
          Managing Director
          DPS Computing Limited

          - Massive update! (September 2011) - It's now not neglected!!
          - New Site (10/2009)

          Comment

          Working...
          X