SmartHost Cybersecurity Incident
I got this email this morning so thought I would share.
Notice of Cybersecurity Incident
Attn: -
We are writing to notify you of a recent event that may have impacted your personal information.
At this time, we have no indication of fraudulent use of your personal information as a result of this incident.
Nevertheless, we are notifying you out of an abundance of caution to explain the circumstances as we understand them.
What Happened
SmartHost LLC recently became aware in late December 2023 of a cybersecurity incident impacting its client/billing platform.
An individual(s) accessed SmartHost's client/billing system administrative areas without authorization, including gaining access via a 3rd party vendor module.
The individual(s) claimed to have downloaded customer data from SmartHost's computer systems, then threatened to post and disclose the data on an Internet forum.
Upon being made initially aware of a potential breach, SmartHost immediately began an investigation into the incident.
Although no data has been released that we have seen by this individual(s) as of this time, SmartHost has determined the client/billing system was indeed breached.
What information was potentially accessed?
The compromised data would include client names, address information, phone numbers, email addresses, user names, and account/service passwords.
SmartHost does not store financial information on this platform, such as credit/debit card information, which would be stored directly with our 3rd party credit card processor.
SmartHost does not have any more sensitive information about our client base such as financial information, social security numbers, ID numbers, driver's license information, etc...
What We Are Doing
We take the security of our customers’ data seriously, and after SmartHost became aware of the event, we took immediate measures to investigate and remediate the incident.
We have implemented additional safeguards to improve security related to 3rd party software/modules, and the client/billing platform as a whole.
When SmartHost was made aware of the potential breach, we immediately performed global password resets for all client accounts and the server/service passwords that we could.
We also updated all internal system access methods/connectivity.
We have also hired external security consultants to review the matter and assist as well.
Please be assured that we take data security and confidentiality very seriously.
Steps SmartHost has taken to implement additional layers of security (not necessarily in this order):
Identified/removed the primary vulnerability associated with this incident
Global password resets for all users/systems
Update platform security settings and access credentials
Collaborated with cybersecurity specialists to review the situation
Reinstall clean system platform
Notified client base about the incident
Strengthen login credentials/methods and continue to enhance login protocols/procedures and other security measures
Continuing to monitor the situation and investigate this incident
Why did it take SmartHost so long to notify me about this?
SmartHost’s investigation is ongoing. As soon as SmartHost learned that its environment had been accessed by an unauthorized party, SmartHost immediately commenced the investigation, including working with third-party security consultants. System lockdowns were immediately implemented even before we could completely verify the breach. Simultaneously, SmartHost was dealing with another security issue at the same time, including DDOS/hack attempts against our VPS service platform, and we were unsure how/if the two issues were related. It took some time to diagnose, and we have only recently concluded by our staff, external security consultants, and software vendors, that they were unrelated issues.
Do you know who accessed the information illegally?
No, the identity of the individual(s) responsible for this incident is still being investigated; however, they refer to themselves as "Scavenger" and the "whmcssec" team.
Is the stolen information being misused?
At this time, there is no evidence that your information has been misused.
SmartHost has not received any reports of misuse of specific individual’s personal information as a result of this incident.
We understand that this same individual(s) have conducted systematic similar breaches recently of hundreds of other web hosting providers in the industry.
It is our understanding that the system breach was done to prove a point, and force hosting providers to make security policy/procedure changes.
Does this mean I am a victim of identity theft or identity fraud?
No. This means that some personal information is in the hands of unauthorized individual(s), and they could use it to commit identity theft or identity fraud.
If you believe you are the victim of identity theft or fraud, you should immediately report it to local law enforcement.
What You Can Do
There is no reason to believe that you need to take necessary action at this time regarding the personal contact information.
We do recommend again changing your login passwords to the client/billing interface, and to any server/system provided with your SmartHost service, in case global resets did not complete such.
We also recommend implementing two-factor authentication (2FA) on your account, if not done so already, which can be done at:
https://www.smarthost.net/index.php?rp=/user/security
As a best practice, we recommend you remain vigilant and promptly report any suspicious activity, or suspected identity theft, to the proper law enforcement authorities and financial and banking service providers.
On behalf of SmartHost, we apologize for this security breach and for any concern this may have caused.
We have subsequently taken, and continue to take, a number of actions to ensure that this incident is thoroughly resolved, and to minimize the risk of a similar incident recurring.
If you have any further questions, you are welcome to contact us by responding to this email notification.
SmartHost LLC
Henderson, NV USA
http://smarthost.net
[email protected]
Comments
Letbox too.
A month to alert customers about a breach? 😂
He denied it on LES a few hours before, also attacked a user. gg
Why would they try and deny it and attack a user knowing that it was indeed the truth?
smarthost
reasons not to renew:
google captcha to login client area
pin code to create support ticket
ip address to create support ticket
"service password"? to create support ticket
network status not updated
billing system hacked (added 20240118)
What's wrong with captcha and ip address for tickets? Helps in diagnosis. (assuming ip is server ip, anyways your ip is logged)
This amount of friction to simply open a ticket probably seems like a great way to cut down on work from a provider's pov, but I'm a customer and it's annoying and aggravating.
Especially when I'm having to open a ticket to find out why my service is offline because there's no info on the status page.
I wish Shawn and his team all the best in this, that's brutal.
Francisco
Choices were made:
No notification was sent out when the week plus ddos attack was happening.
Weeks to send out notification that a security breach occurred.
Bad choices.
Communication is both cheap, easy and effective.
Untrue.
~ SMARTHOST
In hindsight, that should absolutely have been faster.
We had our hands full dealing with the issue (investigation/patching/securing), a very sophisticated attack on our VPS platform occurring over the same time period, and a huge amount of tickets resulting from such.
To be blunt, we were just completely overwhelmed by the workload, and just did the best we could, working night and day to get it sorted.
I don't wish any other provider to go thru the same, and we have learned much from the situation.
~ SMARTHOST
Thanks.
I think I aged a decade dealing with all this. ;-(
~ SMARTHOST
So, it is not just me.
I bought a server from them last week and I had to ask them to approve my purchase because of IP geolocation issues. I think they have beefed up their service immediately after the breach.
Wish best of luck to Shawn and I hope everything is recovered quickly
This can happen with any provider, not just @SmartHost
Even the largest providers have had security incidents
Yup nothing is 100% HACK PROOF unless you just keep it offline ... now someone can even argue about that ....
Can confirm, idling is a good way to protect against hacks
People tagged you, you stayed silent.
You even insulted members on LES.
Yesterday you started sending an announcement to your customers about the breach, days after it was already getting discussed on LES that the breach was obvious.
Yes this can happen.
But after things happen, they keep silent and don't give detailed information about what happened behind.
They just sent an email a few minutes ago before reinstalling the host.
"Node xxx will be down for maintenance to resolve recent ddos/hack issues"
I got the first email like the one above one month ago; after that I got a few mails.
What issue?!
What billing system and module?
Some WHMCS module once again?
Not even then if it's valuable enough.
In the late 90s/early 00s we used to joke no computer is safe, even if you put it 100 meters in the ground in a steel reinforced bunker, especially if it's powered on.
The question is only: is that data valuable enough?
I'd hazard a guess; something like the practical and cheap solution for immortality and 300+ IQ without negative side effects OR unlimited free energy and there's nothing on this planet which could secure that information.
You can merely delay the inevitable for such valuable data.