EDIS "eMail-address list leaked"

perennate Member, Host Rep

EDIS has been informed that email addresses which have been used with EDIS services are listed at http://haveibeenpwned.com. We do confirm that these email-addresses are part of our client-database. We strongly recommend that our clients take precautious measures and change their account-passwords used with EDIS VPS services. Please note that no payment-data like credit card details has been leaked - all payment relevant data is stored with our payment providers like PayPal or Royal Bank of Scotland (WorldPay, FuturePay).

Management-interfaces are down for maintenance and will be back online after the investigation is completed.
We apologise for any inconvenience caused!

Best regards,
Yours EDIS Team

Thanked by 1ehab

Comments

  • perennate Member, Host Rep

    Sounds like they have no idea how it leaked yet, but I guess they are looking into it.

  • This is going to be fun, as I believe EDIS is an EU provider; it will be interesting to see how they will handle this under GDPR law.

  • Levi Member

    @zafouhar said:
    This is going to be fun, as I believe EDIS is an EU provider; it will be interesting to see how they will handle this under GDPR law.

    Could you name any company punished under GDPR? It's a theoretical law

  • @LTniger said:

    @zafouhar said:
    This is going to be fun, as I believe EDIS is an EU provider; it will be interesting to see how they will handle this under GDPR law.

    Could you name any company punished under GDPR? It's a theoretical law

    I never said they would be punished by the law though, I just want to see how they handle according to the GDPR law

  • William Member
    edited July 2018

    zafouhar said: I never said they would be punished by the law though, I just want to see how they handle according to the GDPR law

    Do not worry, the lawyer for EDIS is probably the best in the city and in the same building plus something like a landlord.

    Leaked seems to be WHMCS only, as my old company mail does not show up as pwned.

    The law is likely not implemented into code yet anyway, countries can wait until the deadline but have no choice then obviously, but retroactive laws are unconstitutional so it is not usable if it did not exist yet.

    Thanked by 1netomx
  • joepie91 Member, Patron Provider
    edited July 2018

    @zafouhar said:
    This is going to be fun, as I believe EDIS is an EU provider; it will be interesting to see how they will handle this under GDPR law.

    The breach notification from EDIS (which arrived only 3 hours after that from HIBP!) is a good start.

    The only data that has leaked publicly are e-mail addresses, in a paste on Pastebin; passwords were not included. However, such pastes usually indicate that more data is floating around privately.

  • joepie91 Member, Patron Provider

    William said: The law is likely not implemented into code yet anyway, countries can wait until the deadline but have no choice then obviously, but retroactive laws are unconstitutional so it is not usable if it did not exist yet.

    GDPR is a regulation, not a directive; it has already taken effect and is immediately applicable in all member countries, no local legislation is necessary for that.

  • joepie91 said: GDPR is a regulation, not a directive; it has already taken effect and is immediately applicable in all member countries, no local legislation is necessary for that.

    Then it does not matter anyway most likely local and first cases will take years to process - even with written laws Austria sucks in time needed for any case.

    Same if damages are calculated out of business turnover/profit (like EU fines) but they realise too late that most actual value (eg. license payments as Apple does) is not in the company prosecuted at all.

  • joepie91 Member, Patron Provider

    @William said:

    joepie91 said: GDPR is a regulation, not a directive; it has already taken effect and is immediately applicable in all member countries, no local legislation is necessary for that.

    Then it does not matter anyway most likely local and first cases will take years to process - even with written laws Austria sucks in time needed for any case.

    Same if damages are calculated out of business turnover/profit (like EU fines) but they realise too late that most actual value (eg. license payments as Apple does) is not in the company prosecuted at all.

    I mean, it's going to depend on how proactive the local privacy watchdog is, since that's who's tasked with enforcing the GDPR generally.

    William said: Same if damages are calculated out of business turnover/profit (like EU fines) but they realise too late that most actual value (eg. license payments as Apple does) is not in the company prosecuted at all.

    The percentage is taken of worldwide revenue for a company (as a whole, subsidiaries and all) to prevent precisely that workaround :)

  • joepie91 Member, Patron Provider

    An update on the incident:

    Dear Sven,

    EDIS just finished investigating yesterday's incident.

    We are relieved to bring the good news that no systems were hacked, no personal and no sensitive data has been compromised.

    An in-house API function was identified as the root-cause of the "data breach".

    The function provided a list with email-addresses assigned to a particular VPS hostnode.

    The corresponding function was identified and deactivated immediately.

    No personal data and no sensitive data (payment details, passwords, ...) was compromised.

    We are currently undertaking a thorough security audit of all API functions.

    Please accept our sincere apologies for the inconvenience!

    Best regards,

    Yours EDIS Team

    Thanked by 2Aidan Lee