PSA: Cloudie Networks breached

brueggus

@Seuss said:
SmartHost/Letbox and their other brands were compromised regarding to attacker.
But he claims he wont release their databases because they informed clients and treated it seriously. That or they paid the ransom.

Is there any client of them who got notified of the breach?

I have not received any information about a breach or data leak. What I've received over the last weeks are notifications like

VPS service on xxxx will be down for the next hour approximately, while this node has its base operating system re-installed.
This is necessary for security purposes to patch from a recent DDOS attack/hack attempt, and resolve any lingering affects.
Client data is safe, and service will resume shortly.

or

xxx will be down for maintenance to resolve recent ddos/hack issues. Service will be restored shortly, after which time performance will be much improved.

or

Apologies for the delay, our staff is under a very high support load current due to a complex DDOS attack/hack exploiting a software bug on our platform.
That would be the cause of your issue, and our staff is working non-stop, in conjunction with the VPS software vendor, and external security consultants, to resolve the matter.
Service is restored for any affected system, as soon as we see it occur.
Today's downtime was due to a full hardware node operating system re-install in the past couple hours, in attempts to block the hacker.

2bluesc

@brueggus said: I have not received any information about a breach or data leak. What I've received over the last weeks are notifications like

Received the same messages on open tickets. Network status page reports no issues (and hasn't for years), but several locations are down again as of 2024-01-04 08:10 UTC likely due to whatever DDoS is happening.

2bluesc

@brueggus said: I have not received any information about a breach or data leak. What I've received over the last weeks are notifications like

LetBox has finally acknowledged something has happened (first server status update since 02/23/2022):

Affecting System - Virtualization Platform

01/03/2024 23:51 Last Updated 01/05/2024 02:52
Outage / High Loads - Virtualization (VPS) Platform. Node Specific.

Many VPS nodes down for base O/S re-installation to clean up from prior DDOS/hacker issues and secure systems. Service will be restored per node as each process completed.

UPDATE:

We are currently working to restore service to nodes affected from prior ddos/hack issues.

While working smoothly one server at a time to clean up the prior issue, the hacker got angry and decided to corrupt the O/S on all systems he/she/they still could get to that were not re-installed/patched yet.

We are now scrambling to re-install all those nodes, and have been at it non-stop since last night.

The good news is, there has been no breach to any re-install nodes with the most recent version/patch we have been using for weeks now, so it is just a matter of working thru the platform to re-install/patch each and every node.

We do not have an ETA for full resolution yet, but all services should be restored today at some point, with nodes coming on line one by one as completed.

https://my.letbox.com/serverstatus.php

Moopah

@2bluesc said:

@brueggus said: I have not received any information about a breach or data leak. What I've received over the last weeks are notifications like

LetBox has finally acknowledged something has happened (first server status update since 02/23/2022):

Affecting System - Virtualization Platform

01/03/2024 23:51 Last Updated 01/05/2024 02:52
Outage / High Loads - Virtualization (VPS) Platform. Node Specific.

Many VPS nodes down for base O/S re-installation to clean up from prior DDOS/hacker issues and secure systems. Service will be restored per node as each process completed.

UPDATE:

We are currently working to restore service to nodes affected from prior ddos/hack issues.

While working smoothly one server at a time to clean up the prior issue, the hacker got angry and decided to corrupt the O/S on all systems he/she/they still could get to that were not re-installed/patched yet.

We are now scrambling to re-install all those nodes, and have been at it non-stop since last night.

The good news is, there has been no breach to any re-install nodes with the most recent version/patch we have been using for weeks now, so it is just a matter of working thru the platform to re-install/patch each and every node.

We do not have an ETA for full resolution yet, but all services should be restored today at some point, with nodes coming on line one by one as completed.

https://my.letbox.com/serverstatus.php

Well, that at least confirms they were hacked too

ichilton

Anyone heard from Cloudie recently?

I am still waiting on delivery of services ordered on black friday, but i've not been able to get a reply for a month now.

Over the past month, i've replied to the existing ticket, opened a new ticket, sent a PM on LET, but can't get any response at all.

Anyone got a way of contacting them?

Thanks,

Ian

totally_not_banned

@ichilton said:
Anyone heard from Cloudie recently?

I am still waiting on delivery of services ordered on black friday, but i've not been able to get a reply for a month now.

Over the past month, i've replied to the existing ticket, opened a new ticket, sent a PM on LET, but can't get any response at all.

Anyone got a way of contacting them?

Thanks,

Ian

I think by now your best option to reach them would be chargeback.