New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
HostSolutions hacked?

Just got this email. It has my data in it.
How did this happen? Did anyone else get this that used them before?
Comments
Ho Lee Phuc.
Not a customer but you have piqued my interest.
if such a breach actually took place and cociu did not inform his customers about it, then it is a serious (very costly) violation of the GDPR
I never received that email, but makes sense. I still have over $100 in credit and no active services.
another drama?
I realize now why this company looks familiar.
What do you think, all those hard drives he was selling in a rush... did he completely remove user data from them?
So first it says "We stole their database and all of their backups.". Then it's "We also deleted all backups we could.". Lastly "If they try to deny breach again we post the databases for free online. Including backups of customers VPS servers.". Whoever did this needs to get the plans in order.
They must've scooped some involucrated drives from OLX. Standby for a response on a Monday.
"Including backups of customers VPS services"
Oh thank God somebody has a backup of my vps that was involucrated (or whatever) lmao 😆
I actually laughed instead of just doing a loud nose exhale at this one.
Looks plausible. Definitely not "obviously fake." I'd caution considering it real but anything you have there, you should make sure nothing in the WHMCS profile, especially it's email history, grants access to anything of value of yours. Worst scenario you do good security stuff.
Response from who? cociu? He's busy being Secret Santa handing perfumes out.
he's probably migrated to Norway by now, hiding in a bunker
The UUID field is what's throwing me off. WHMCS doesn't store a UUID field on
tblclients
. Hostsolutions also used a proxmox plugin to manage their nodes, not SolusVM/Virtualizor.Maybe they used virtualizor at the very beginning, but I'd assume those monthly costs would've been an unneeded cost given the prices he was offering.
Francisco
the end is nigh
I confirmed the hashed password was the one I used for them because I still had it in my password manager. I'm not too sure either about how the data was being stored, but something was hacked.
Which portal was this on? Their billing? Or was there something else?
Francisco
Billing, almost positive. It was my password for https://secure.hostsolutions.ro/
Well, shitty it true
I don't recall what URL they used for billing.
Francisco
I just got the email,
[email protected]
is in my email field, that's the way I know who leaks my email.Seems they really hacked hostsolutions.
Oh my. Ready the popcorn
I just got the email too.
Here's the full DB columns:
"uuid","firstname","lastname","companyname","email","address1","address2","city","state","postcode","country","phonenumber","tax_id","password","authmodule","authdata","currency","defaultgateway","credit","taxexempt","latefeeoveride","overideduenotices","separateinvoices","disableautocc","datecreated","notes","billingcid","securityqid","securityqans","groupid","cardtype","cardlastfour","cardnum","startdate","expdate","issuenumber","bankname","banktype","bankcode","bankacct","gatewayid","lastlogin","ip","host","status","language","pwresetkey","emailoptout","marketing_emails_opt_in","overrideautoclose","allow_sso","email_verified","created_at","updated_at","pwresetexpiry"
You're right, WHMCS added a
uuid
field at some point, I guess i've never noticed it, always just refer to users by theirid
.Francisco
got the email
Just received mine.
I got the email too. I did not have a great experience with HS. The hacker probably right, we would never had been told as they made everything up as they went along.
Got mine too, oh well they only have email/pass.
Don't forget by default WHMCS sends the password you create for your login to you via email. It also sends you the password generated for services on provision typically. These are stored in plain text in the email history table.
CC details on file...