Fasthosts' Security Breach

[Si]

Hi all,

I heard this today and wondered if any of you would be able to confirm its truth or not. As one of the UK's largest hosts and reseller network, what I heard was pretty alarming.

 

Apparently, FH had a major security breach today and all of their customers (a few hundred thousand +) were locked out of their control panels and FTP.

 

FH had to reset all passwords on their system and are now taking the unusual step of sending out that information via recorded/registered mail to each customer.

 

Is this true? Anyone know?

 

Thanks

 

Si

[Daniel]

http://www.theregister.co.uk/2007/11/30/fasthost_hack_update/

[Si]

Cheers Daniel.

 

Really helpful, and some very interesting reading (esp the customer comments).

 

Explains why we've had more people move to us this year from Fasthosts than any other.

 

Si

[Daniel]

I think they had a problem around the same time as UKReg too? I may be wrong though.

[scurrell]

I think they had a problem around the same time as UKReg too? I may be wrong though.

 

Same company.

[scurrell]

Explains why we've had more people move to us this year from Fasthosts than any other.

 

You're not the only ones.

[othellotech]

Apparently, FH had a major security breach today and all of their customers (a few hundred thousand +) were locked out of their control panels and FTP.

 

No the breach was weeks ago, and anyone who *didnt* change their passwords after the breach will have had an email and a letter and been locked out *deliberately*.

 

Or as one client who transferred their hosting and domain business to us on Friday commented so FH are on a par with the government with our data security then

 

Is this true? Anyone know?

True (ish), so you don't read trade press/forums/news-sites then

[bluque]

As an (ex) Fasthosts customer and an UKReg customer (sometimes) I can confirm that about 1 - 2 months ago a dedicated server on the FH network was compromised which led to the hackers gaining access to a large part of Fasthosts internal network; at the time Fasthosts urged all customers to change both their CP and owner passwords. Since the time of the attack an internal review of all systems has been ongoing and concluded that the FTP space of some customers had been compromised; it has been this find that has triggered the reset of all passwords for all customers, regardless of the service (e.g. FTP and SQL databases). All new passwords are being sent via RoyalMail to all customers to ensure that the sent information cannot be in anyway compromised.

 

I wonder if this will make FH go under because I'm sure there will be a large rush of customers jumping ship after this kind of security breach. Although they may be a large company, this attack has done large damage to their reputation which they will find very hard to shake off.

[Si]

True (ish), so you don't read trade press/forums/news-sites then

 

lol - that would be a luxury. a pastime usually performed during flights....otherwise you'll find me engaged with my head stuck in my PC or laptop supporting my own little corner of the web and more often with too much to concern me about my own customers problems than worrying about FH and theirs.

 

I usually catch up eventually tho

 

I wonder if this will make FH go under because I'm sure there will be a large rush of customers jumping ship after this kind of security breach. Although they may be a large company, this attack has done large damage to their reputation which they will find very hard to shake off.

 

Sadly, every coin has 2 sides. I have heard it make some customers tentative and wary to use any hosting organisation - after all, if it can happen to a big fish like FH...why not the smaller guys?

 

I think overall, while I'm no fan of FH and compete with them, their misfortune is equally industry damaging as it is for them as a company.

 

Si