Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Shells Virtual Desktop
BMail.ag - Secure Email Service
Server.net
CPLicense.net
VPS Server
Buy VPN
Vultr
VMs for AI
HostDare
ReliableSite White-Label Dedicated Hosting for Resellers
InterServer VPS
BMail.ag - Secure Email Service
Best VPN
High-Performance Bare Metal Server Solutions
Karvl.com
Server Mania Cloud Hosting
DataWagon Hosting
AlphaVPS Hosting
Evoxt.com
Clouvider
VPS Hosting with NVMe
Residential IPs in the US & 4G Mobile Proxies in EU & US with Unlimited Bandwidth
ReliableSite White-Label Dedicated Hosting for Resellers
Rabisu - Hosting Solutions
Shells Virtual Desktop

Categories

In this Discussion

Home General
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Situation so serious, why Virtualizor hasn't come out to clarify and explain the circumstances?

sunkisssunkiss Member
in General

https://lowendtalk.com/profile/virtualizor

Is this official?

Last Active:February 1,2026

Is Virtualizor aware of the security breaches experienced by CloudCone and other service providers?

Isn't it time for Virtualizor to come out and clarify whether this was or not caused by their vulnerability, thereby salvaging their reputation in the industry?

Comments

  • tentortentor Member, Host Rep

    @SecNinja commented on their behalf as a pentester, not sure if account was confirmed/verified

  • CloudHopperCloudHopper Member

    Apparently that account is official, (confirmed by mods), and they've been messaging me privately for some strange reason.

    I've told them that they should communicate with their actual customers twice, rather than someone who actively avoids their product, (me), but maybe if enough people tag them then they'll respond publicly...

  • ScreenReaderScreenReader Member

    @sunkiss said:
    ...
    Isn't it time for Virtualizor to come out and clarify whether this was or not caused by their vulnerability, thereby salvaging their reputation in the industry?

    playing dead proven works for coloncrossing, why would they clarify anything?

    the "loss" by the provider probably doesn't worth that much anyway. you can steal $22k in crypto and you still can reign free in LET

  • sunkisssunkiss Member

    @ScreenReader said:

    @sunkiss said:
    ...
    Isn't it time for Virtualizor to come out and clarify whether this was or not caused by their vulnerability, thereby salvaging their reputation in the industry?

    playing dead proven works for coloncrossing, why would they clarify anything?

    the "loss" by the provider probably doesn't worth that much anyway. you can steal $22k in crypto and you still can reign free in LET

    Virtualizor has released an official statement

    https://www.virtualizor.com/blog/security-update-transparency-regarding-a-recent-support-ticket-incident/

    Thanked by 1WyvernCo
  • NyrNyr Community Contributor, Veteran

    @sunkiss said:

    @ScreenReader said:

    @sunkiss said:
    ...
    Isn't it time for Virtualizor to come out and clarify whether this was or not caused by their vulnerability, thereby salvaging their reputation in the industry?

    playing dead proven works for coloncrossing, why would they clarify anything?

    the "loss" by the provider probably doesn't worth that much anyway. you can steal $22k in crypto and you still can reign free in LET

    Virtualizor has released an official statement

    https://www.virtualizor.com/blog/security-update-transparency-regarding-a-recent-support-ticket-incident/

    So they’re claiming that providers shared plain-text login details to their infrastructure with Virtualizor support, and then failed to rotate those credentials for over a year?

    If that’s truly the cause of compromise, Virtualizor would not be the primary party at fault here, and affected providers are highly incompetent. IF that is what really happened.

    Thanked by 53K33 xvps oloke WyvernCo analog
  • backtogeekbacktogeek Member, Host Rep

    @Nyr said:

    @sunkiss said:

    @ScreenReader said:

    @sunkiss said:
    ...
    Isn't it time for Virtualizor to come out and clarify whether this was or not caused by their vulnerability, thereby salvaging their reputation in the industry?

    playing dead proven works for coloncrossing, why would they clarify anything?

    the "loss" by the provider probably doesn't worth that much anyway. you can steal $22k in crypto and you still can reign free in LET

    Virtualizor has released an official statement

    https://www.virtualizor.com/blog/security-update-transparency-regarding-a-recent-support-ticket-incident/

    So they’re claiming that providers shared plain-text login details to their infrastructure with Virtualizor support, and then failed to rotate those credentials for over a year?

    If that’s truly the cause of compromise, Virtualizor would not be the primary party at fault here, and affected providers are highly incompetent. IF that is what really happened.

    The only thing I can say in defence of any hosts is that historically the Virtualizor support system was a literal trash fire, a confusing web of bullshit almost built to put you off reporting anything.

    Then they often asked for root credentials and essentially refused to take the tickets any further unless you did.

    I am not surprised some hosts just put details in a ticket, kind of in the same way you don't always bother putting a coat on if it's raining and you only have to throw a bag of trash in the bin.

    But, giving them THE root password in plain text and then never changing it and relying on that as your only security is batshit crazy.

    Just saying reading that statement Vs the reality of being a Virtualizor customer 10+ years ago paint 2 very different pictures in reality.

Sign In or Register to comment.