All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
aruba attack
received the following:
Dear Customer,
we would like to inform you that on 23 April, we detected and blocked unauthorized access to the network that hosts some of our systems. No data was deleted or altered.
Rest assured that no system used to produce or provide services was involved, as these are totally separate.
A series of internal and external security measures were implemented, including informing the authorities and the Italian Data Protection Authority. At the end of our investigation, we felt it was our duty to inform you, even though no action is required on your part.
Cybersecurity is of great importance to us and we invest heavily in appropriate technology, tools and organizational measures, but we were unable to prevent this event. Sophisticated cyber-attacks are on the rise, affecting both public and private companies and organizations at all levels.
Please see below for more information.
The data contained in the affected systems, whose integrity and availability have not been impacted in any way, are billing details (first name and surname, tax code, address, town/city, zip code, province, phone number, email address, PEC/Certified email address) and login details, such as usernames and passwords. The latter were protected with strong encryption, and in any case were promptly disabled and made unusable.
Payment details (e.g. credit cards), products and services (e.g. hosting, cloud, email, PEC etc.) and all the related data were not affected in any way.
Your customer area password was disabled without warning in accordance with our standard security policy. We apologize if this caused any inconvenience. This was necessary, as it allowed us to eliminate all possible security risks. Following this, if you still haven’t reset your password, the system will request you to change it and set a new one. Please note that this is not urgent, as the system is already safe.
As a further precaution, against common digital scams, we recommend that you:
always choose different passwords for each service that you use and change them on a regular basis;
pay particular attention to emails or PEC messages of dubious origin or with suspicious content;
avoid clicking on links and do not download attachments if the content of an email looks suspicious, unexpected or the sender is unknown;
bear in mind that our staff never contact you by email, text message or phone to ask you for your login details for services (username or password) or payment details (e.g. credit card number or PayPal account).
We confirm that no action is required on your part and we would like to apologize for any inconvenience. Please feel free to contact us for any further information or clarification by emailing [email protected]
Kind regards
Comments
They haven't stated it directly, but it sounds like the data was accessed without being blocked.
While I applaud notifying the customers I'd suggest they take more care in their wording going forward. Implying everything is fine will mean customers aren't keeping an eye out for password reuse, targeted phishing etc
That is what they did, very careful spinning.