Hosturly Security Incident

FatGrizzly Member, Host Rep
Dear [REDACTED],

I am writing to inform you about a recent security incident that has affected our WHMCS billing platform, shop.hosturly.com.



Following a thorough investigation in collaboration with a leading cybersecurity firm, Arctic Wolf, we’ve determined that a breach originated from a template developer, RSStudio, the creator of the widely-used Lagom theme. While we have not directly utilized the Lagom theme in recent years, we did have software from them on our billing system to support our email templates. This developer is used by thousands of hosting companies, and as a result, numerous other providers have been affected in recent months.



Our investigation points to the following information being exposed:


  • Full names, addresses, email addresses, and phone numbers
  • Emails/usernames and hashed passwords used for logging into our billing platform
      • Please note that these passwords are hashed and unintelligible; however, out of a concern for caution, please refer to the sections below on what to do to protect yourself.
  • Information regarding hosting services you have/had with us
  • Domains, usernames, and plain-text passwords for services
      • These plain-text passwords are the passwords used when a service is first deployed on our platform. It is imperative to change the password if you haven’t since receiving the service. Please refer to the sections below on what to do to protect yourself.
  • Last four digits and expiration dates of saved cards
      • Please note that your full credit card number and security code were not compromised, as this information is stored securely at our payment processor, Stripe. Transactions via PayPal and cryptocurrency are also secure as they are processed externally from our billing platform. Consequently, we do not anticipate unauthorized transactions.
  • Invoices, quotes, emails, and tickets
      • This does not include any communication on our live chat or phone system.
  • Administrative information, logs, and notes



Please remain vigilant as there is a possibility of receiving unsolicited communications via email or text message prompting you to provide information, click on web links or download software. Please be sure to verify the source before acting upon any such request.



We’ve taken the following steps to mitigate such incidents from occurring in the future:

  • Inquired assistance from our cybersecurity partner, Arctic Wolf, to conduct a full evaluation of our infrastructure to further enhance security measures.
  • Provisioned a new WHMCS instance on a new system completely isolated from the previous installation.
  • Removed all third-party software that has not undergone vigorous penetration testing by our team.
  • Revoked logins to our billing platform (shop.hosturly.com) and control panels (VPS, web, domain, dedicated/colocation, game, and firewall/filter). You will need to reset your password to regain access. More information can be found below.
  • Rotated all API keys used on our billing platform.
  • Engaged with law enforcement agencies, including the Federal Bureau of Investigation (FBI) Cyber Division, for further assistance.



We have created a guide for the recommended next steps. Please refer to the following information below:

  • Reset passwords across our billing platform and control panels to regain access.
      • Billing Platform: shop.hosturly.com/password/reset
      • VPS Panel: vps.hosturly.com/#act=login&sa=fpass
      • Web Panel: Use the “Change Password” option on the Product Details page on shop.hosturly.com or via chi-1.webservercp.com:2083/resetpass.
      • Domain Panel: We have rotated all passwords. There is no action required.
      • Dedicated/Colocation Panel: Use the “Login to Panel” option on the Product Details page on shop.hosturly.com. Once loaded, navigate to “My Account” by clicking on your name in the top right corner. You will then see an option to reset your password.
      • Game Panel: game.hosturly.com/auth/password
      • Firewall/Filter Portal: Please reset your shop.hosturly.com password first and then proceed to log in to firewall.hosturly.com. You may be met with an error stating “You don't have any IPs assigned to your account. Please contact support.” If so, please wait about 5-15 minutes for the system to sync. If you don’t have all of your IPs after syncing, please contact us to get them reapplied. If you use Google single sign-on (SSO), please contact us for a new login.
  • Reset all passwords to services you have with us immediately. We strongly recommend always changing your original deployment passwords upon setup and never using the same password twice.
      • VPS services: help desk guide
      • Web services: If you reset the password to the web panel, you have already changed your service password. If you have not, please use the “Change Password” option on the Product Details page on shop.hosturly.com or via chi-1.webservercp.com:2083/resetpass.
      • Dedicated/Colocation services
          • Windows: help desk guide
          • Linux: help desk guide
  • Implement two-factor authentication (2FA) and SSH keys wherever possible.



If you require assistance in completing the steps above, please do not hesitate to contact us via live chat or ticket.



Additionally, we have created a frequently asked questions (FAQ) page regarding this incident on our help desk. You may view it here.



Your security, privacy, and trust in us are of paramount importance. We recognize the critical need for transparency in incidents like these and are committed to keeping you informed about all matters affecting your service. Should you have any questions or concerns, please do not hesitate to contact us via live chat, ticket, or email me at [email protected]. Our team is here to support you and provide any additional information you may require.



We sincerely apologize for any inconvenience this incident may have caused. Please know that we have been working around the clock to rectify the situation and ensure the security and reliability of our services. Your continued trust in us is greatly appreciated, and we remain dedicated to providing a secure and reliable service environment for all of our clients.


Best regards,

William P. A. McGlynn | President
c: Infraly, LLC DBA Hosturly & Buildurly
a: 1636 N Cedar Crest Blvd, #122, Allentown, PA 18104, USA
e: [email protected] / [email protected] / [email protected]
p: +1 (833) INF-RALY ext. 700
w: infraly.co / hosturly.com / buildurly.com

CONFIDENTIALITY NOTICE: THIS E-MAIL, INCLUDING ATTACHMENTS, IS INTENDED SOLELY FOR THE PERSON OR ENTITY TO WHICH IT WAS ADDRESSED AND MAY CONTAIN CONFIDENTIAL, PRIVILEGED, AND/OR PROPRIETARY INFORMATION. ANY REVIEW, DISSEMINATION, DISTRIBUTION, COPYING, PRINTING, OR OTHER USE OF THIS E-MAIL BY PERSONS OR ENTITIES OTHER THAN THE ADDRESSED OR HIS/HER AUTHORIZED AGENT IS PROHIBITED. IF YOU HAVE RECEIVED THIS E-MAIL IN ERROR, PLEASE CONTACT THE SENDER IMMEDIATELY AND DELETE THE MATERIAL FROM YOUR COMPUTER.




Copyright © 2024 Infraly, LLC DBA Hosturly. All rights reserved.

Comments

  • FatGrizzly Member, Host Rep
    edited March 30

    I thought the vuln was only with Lagom Theme, seems like via Lagom email templates too?

  • Not_Oles Moderator, Patron Provider

    In case anyone might be interested in Arctic Wolf: https://en.wikipedia.org/wiki/Arctic_Wolf_Networks

  • MikeA Member, Patron Provider
    edited March 30

    @FatGrizzly said:
    I thought the vuln was only with Lagom Theme, seems like via Lagom email templates too?

    I'm sure it's the same as the others.

    we did have software from them on our billing system to support our email templates.

    Key word. Prob just had Lagom theme disabled but were using the actual email templates and the css/images associated is my guess.
