ChicagoVPS database leaked? ChicagoVPS customers - change your root passwords immediately!
This discussion has been closed.
Comments
@soluslabs
Thanks for helping in spreading everybody's root passwords, very good product (for hackers)
Can someone send me the dump as well, I need to check my data.
Thanks for helping in spreading everybody's root passwords, very good product (for hackers)
To me they look a lot like base64 encoded passwords but I am no expert with hashes.
Should probably tag @let on that, too.
Thanks for helping in spreading everybody's root passwords, very good product (for hackers)
Then use your not-so-common sense and change the password with "passwd" instead of maintaining the same one you used at sign up. I always sign up with "bullshitpass" and then change it afterwards since I know they are logged in SolusVM and WHMCS.
If root password is re-assigned upon reinstallation, they are not hashed. I do remember my root password not working after reinstall, could it be some providers are hashing them after all? Otherwise, someone should notify all ChicagoVPS clients their root passwords have been compromised ...
Or people are using really long random passwords?
So plain text it is
Nice.... And I was happy that I didn't have anything to do with CVPS anymore. Now I need to change all my passwords -_-
You act like LET made and spread the dump, anybody could post it on some forum.
I highly doubt everyone uses passwords that are constructed in the same way. Lots of them end in "=" or "==". (As many base64 encoded)
Anyway, I tried to decode some but they return garbage. Salted at least.
I've read the entire thread...
I fail to see how this vindicates the action; please educate me.
Could somebody please PM me the db? Thanks
Only SolusVM part has been taken?
Nevermind
Some parts in the db (console passwords, root passwords, ftp backup passwords) are encrypted. You get the key from solusvm.conf. (http://docs.solusvm.com/moving_the_master)
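Added example, not part of the original thread: a defender-side triage of how a credential column is stored, following the reasoning in the comments above (values ending in "=" that decode to "garbage" are opaque binary, and they are recoverable if the key ships with the application). The sample values, class names and the `key_stored_with_app` parameter are constructed for illustration and are not SolusVM's schema or scheme.

```python
import base64
import binascii
import re

# Modular crypt format prefixes ($1$, $2y$, $5$, $6$, $argon2id$ ...): one-way hashes.
CRYPT_RE = re.compile(r"^\$(1|2[abxy]?|5|6|y|argon2(id|i|d))\$")

# Constructed sample column values; none are taken from the dump in the thread.
SAMPLES = {
    "plain": "hunter2-example",
    "b64_text": base64.b64encode(b"hunter2-example").decode(),
    "b64_opaque": base64.b64encode(bytes(range(200, 216))).decode(),
    "crypt": "$6$examplesalt$" + "A" * 86,
}


def classify(value: str) -> str:
    """Guess how one stored credential value is protected."""
    if CRYPT_RE.match(value):
        return "password-hash"
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "plaintext"  # not valid base64, stored as typed
    if not raw:
        return "plaintext"
    if all(32 <= b < 127 for b in raw):
        return "encoded-plaintext"  # base64 is an encoding, not protection
    # Decodes to "garbage": ciphertext or a raw digest. If the application can
    # show or re-send the password, it is ciphertext and only as safe as the key.
    return "opaque-binary"


def audit(values, key_stored_with_app: bool) -> dict:
    """Count classes and how many values to treat as exposed after a dump."""
    counts = {}
    for v in values:
        kind = classify(v)
        counts[kind] = counts.get(kind, 0) + 1
    recoverable = {"plaintext", "encoded-plaintext"}
    if key_stored_with_app:
        recoverable.add("opaque-binary")  # conservative: assume ciphertext
    exposed = sum(n for kind, n in counts.items() if kind in recoverable)
    return {"counts": counts, "exposed": exposed}


if __name__ == "__main__":
    print(audit(SAMPLES.values(), key_stored_with_app=True))
```

A plaintext value that happens to be valid base64 is misclassified, so read the counts as a triage signal rather than proof.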
I could go on WHT and post it so people grasp it quickly before it gets removed / censored like here.
I was just sent a html file which contains the data from the database and it also includes MySQL config file (including the password encryption key).
So yes, if the file is legit database dump, root passwords have been compromised
Root passwords aren't hashed and open to the public, suggest all server owners who had a VPS from November 2012 or earlier change their password
if people here didn't send it to everyone else ... the root passwords would never have gone out.
no
The leakers were PM'ing multiple people
I'm just going to see if there is any of my info, jeez! When the WHMCS hack happened I opened it, looked for my info, saw it in there, changed my password, and moved on.
Fixed. Who knows how many hands this has passed through? Whoever got into their solusvm clearly had malicious intent. I highly doubt they were sitting on this database without any intent on using it for equally malicious purposes.
Glad this came out so that clients can be aware of it, though it should have been made clear by CVPS in the beginning. Obviously you should assume the data was compromised originally, but if anyone got caught with their pants down wondering just what information was distributed, they can put that to rest.
No one likes to admit being compromised, but if it happens all you can do is try to minimize the damage by letting your clients know.
If a person jumps off a bridge, would you do it too?
Why help sending the db to people who shouldn't have it?
Customers should have it. As such I don't see why everybody else but me can have it.
I don't
The only one giving it out was @Raymii by not censoring out the link from the beginning
and of course the sender of that PM
First off, last night I was being threatened by another provider here (whom I have on Skype) on the "possible" chance he has our database. This "provider" happens to be someone whom I used to be very close with prior to my employment with CVPS. Knowing how he always tends to "play around" and act immature, I was definitely not inclined to believe him hence did not say anything about it, but for good measure simply because I take something like this very seriously, I still immediately reset all SolusVM passwords and sent out that email.
@BronzeByte, After receiving access to the database this morning, this seems related to the hack in November 2012 and the database is in fact old. Our company has grown significantly since then, we are at over 150 physical servers at this point of time (to be exact, 160). Screenshot attached below.
I suggest all customers who signed up to us prior to November 2012 to reset their VPS Control panel and root passwords as well. Sadly, Jeremiah did not leave us with plenty of information about the incident in November and left when things were at a pile of mess, and I was not with CVPS during that time, but what I can say is I have been working closely to analyze further details about it and have changed every aspect of what I think could be related with the hack, all the way from API keys to backup server passwords to node ID key passwords, because you can't play around when it comes to security. We have not had any VMs compromised from any other event other than the November 2012 incident, and again the database seems to be related with this.
I also find it very discouraging that all the people asking for the DB here are providers, and likely have malicious intents with it, but the database is useless now in terms of gaining access to anything as the whole nine yards have been covered and changed.
Seriously? So that you can use that to spam CVPS customers?