Hosterlabs data breach
Just got this email:
We are writing to you because of an incident involving access to information associated with online purchases made on our website www.hosterlabs.net. Although we are unaware of any actual misuse of your information, we are providing notice to you and other potentially affected customers about the incident, and about tools you can use to protect yourself against possible identity theft or fraud.
We were discovered on June 22, 2021 that our website www.hosterlabs.net experienced an intrusion the day June 21,2021. The intruder or intruders placed malware on the our servers, and by doing so gained access to our customers’ data. To date, the investigation indicates that the intrusion began around the 21st of June ca. 9 AM.
At first we noticed our website hosterlabs.net/panel/ was offline and not working. Further investigation seemed to reveal a problem with the databases, we thought they were corrupted. After further investigation we found messages from "hackers" threatening to make the information on the databases public/selling them and they asked us for money in exchange of them returning us the information, because it was deleted. We do have backups that we do on a daily basis and as such we decided not to pay any ransom. We have disaster plans and prevention on all servers and platforms. We have had false alarms of hackings in the past, hence all our systems are extremely secured but unfortunately there is nothing that can not be hacked. The hack came through our Wordpress main site hosterlabs.net/ where hackers possibly injected viruses through a vulnerability within one or more plugins we have. These vulnerabilities have been fully isolated and fixed. For now security is really tight but we will add further security in the upcoming days as well as changing how our systems are designed internally.
What information was included?
Name, Last Name, E-mail, Address and personally identifiable information.
Passwords were most likely not stolen, nevertheless, please change your passwords for your VPS/Hosting accounts and your control panel account.
No credit card information was stolen, no intrusion in any other systems took place. Please make sure to change your password in all of our services.
Is the breach fixed?
Yes we have tracked the malware and it has completely been removed from our sites.
What did you do to increase your security?
We have added further firewalls, active monitoring and we are working as of now with law enforcement to track the perpetrators of the crime. We have notified the FBI and we expect to do forensics on our servers, for which we have backed up all logs and accesses.
What kind of security do you have/ how do we know our information was protected?
Your information was protected to the best of our abilities as we have experience aiding and making sure other peoples' servers are secure. We have seen/traced/removed similar hackings from customers. Most of our servers are unreachable outside our working spaces and require special authentications. This breach was just exploiting a plugin we had on our Wordpress site. We will revise all our security policies and keep you updated.