New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
PSA for Softaculous/Virtualizor users - Important Security Notification
Jamie_DreamIT
Member, Host Rep
in Providers
Just saw the email.
It has come to our attention that screenshots taken at regular intervals from our support employee(s) systems were inadvertently stored in a publicly accessible folder. These screenshots may have contained sensitive customer information, including server passwords submitted through our support systems between January and February 2025.
While the likelihood of any specific password appearing in these screenshots is low, we strongly recommend that you change your server passwords immediately if you submitted them via any of our support channels during this time.
However, we want to reassure you that there is no known or reported vulnerability in any of our software products.
None of our infrastructure has been compromised.
Comments
totally unexpected.
@providers move away of this shit already
This is odd
Since they talk just about screenshots and nothing else, I assume it was not some rat or malware.
So the whole making regular screenshots (of potential sensitive data) and then storing them somewhere was intentional?
Good job people as incompetent as this don't develop any software where security is important... oh, wait
This is a talk about remote employee monitoring system. Think about freelancer.com or fivver.com. You install application into your pc and when starting to work - press button "I'am working". Than, application at random intervals takes SS and sends it to the manager. At the end of the month / week / day manager reviews results, calculates real work time and confirms payment. Like snooping you know.
This is very popular in Punjabi, Delhi, Bangalore etc. In short: India thing.
Full mail below.
If anyone is using their products, I would advise them to migrate.
I am already looking into alternatives for autoinstallers with D.A. integration.
Softaculous/Virtualizor's team is kinda developing a habit of getting hacked or misuse sensitive data.
@HostSlick better migrate to
Virtfuuuuuuuuuuuuuuuuuuuuuuusion
I really hope Virtualizor cleans stuff up.
"bug"
When does ColoCrossing clean their security mess?
I don't know, but I have the feelings that what happened to ColoCrossing is related to this, and thus, even if they're at fault for their poor security practices, you guys are also for not changing credentials you sent to random agents (or by just handing them out in the first place)
This is pretty telling: https://www.virtualizor.com/blog/virtualizor-3-2-5-patch-1/
Either way, what is done is done and hopefully Virtualizor has all the weaknesses cleaned up. Plenty of people in this industry, including the team at Virtualizor spend tremendous effort building things. So discouraging when bad apples try to destroy things (security weaknesses or not).
Tremendous effort to build a thing where you store passwords in plain text. In business this called cookie cutting.
Shouldn't ever happen. If it did, which it seems like some VNC passwords in some cases were, that was a mistake by the devs. Going to get fixed rapidly I am sure.
Okay if you blame Virtualizor, why are you the only ones that got hacked?
This got me thinking the same. Shouldn't have this been a much more widespread breach? Why only CC?
We recieved the same mail, I don't understand why this kind of situation always happens with Softaculous products, a few months ago there was a problem with the server information shared on tawk.to. We try to take precautions on our side, but Softaculous software loses a lot of credibility in such cases. Lately we are very tired of this kind of situations and we are looking for alternatives.
Virtfuuuuuuuuuusiooooooonnnnn
Did you read explanation from virtualizor? They said that “breach” was due to publically available screenshots. There was passwords in them which was provided via live chat.
Virtfuuuuuuuuuuuuuuuuuuuuuuusion
Yes if you had an exploit, to break into every single fucking, Virtualizor instance, on this fucking planet.
You would do that if they could and extort every single provider at the same time.
Like we saw with SolusVM, when they got hacked.
What a joke:
To end with this:
What a joke! Seriously.
Yes I did, if they did that, they handed over, access, to 11k VM's on a golden plate.
They didn't even bother changing API or passwords afterwards....
They don't have Wisecp integration as I know
What's a wisecp and who needs it
Very common within Turkish hosts for what I've seen. Just like any other billing platform pretty much.
Wisecp is a Web Hosting Management script made by Turkish Developers. Its like WHMCS, Blesta and Hostbill. We are not happy with them also
That doesn't sound wise
yes ig
Strange not to rotate keys/passwords, especially given that an email was sent on February 20th 2025 informing clients that the Virtualizor Live Chat was compromised:
https://lowendtalk.com/discussion/202897/virtualizor-live-chat-compromised
Also, the fact no other provider has been compromised suggests either ColoCrossing was very unlucky, or more likely it's unrelated...same with the latest Virtualizor release where the VM firewall rules weren't being applied after a restart, but of course it was their Virtualizor panel that was compromised and not specific VMs.
None of this seems related to them getting hacked. It looks more like obfuscation and PR rather than a serious incident response or any sort of root cause analysis, especially as they haven't informed their customers that their personal data has been leaked.
On a serious note I think it is not hard to develop an integration for Wisecp given that existing VirtFusion integrations are pretty simple