All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
OuiHeberg Security Breach
From OuiHeberg Discord (Gemini translated):
📢 [Official Announcement] — Security Incident of 11/09
Hello everyone,
Since yesterday, you may have noticed the deliberate shutdown of our customer area.
This is not simple maintenance, but an exceptional crisis management measure following a security incident.On November 9th, 2025, OuiHeberg was the victim of a targeted hack that compromised a part of our customer database.
The attackers were able to access certain personal data, including:
last name, first name, email, password (encrypted), postal address, city, country, postal code, and phone number.🔒 Measures Implemented
Complete Reset of Customer Passwords
All passwords in the database have been intentionally rendered unusable.
Only the "Forgot Password" function now allows for the secure restoration of account access.Emergency Migration of Web Hosting (cPanel)
We detected a suspicious connection attempt on the cPanel servers.
As a precaution, all websites have been temporarily migrated to another hosting provider while we stabilize the situation and perform the necessary checks.Securing VPS (Virtualizor & Proxmox)
Our VPS infrastructure relies on two distinct environments:
- Proxmox, our primary infrastructure (approximately 75% of VPS)
- Virtualizor, a secondary infrastructure now considered to be the entry point of the attack
Here are the measures taken:
- All SSH passwords for Proxmox VPS were force-reset and regenerated during the night of November 9th to 10th.
- The Virtualizor infrastructure shows a much higher level of compromise and has therefore been completely shut down for an indefinite period to prevent any propagation.
- No VPS have been deleted, but access remains temporarily blocked pending a secure recovery.
Reporting to Competent Authorities
We have reported the incident to the CNIL (French Data Protection Authority) and notified the ANSSI (National Agency for the Security of Information Systems) of the facts, in accordance with our legal obligations and as part of our commitment to full transparency.🧭 Current Status and Next Steps
Our immediate priority is the gradual restoration of service for:
- Web hosting,
- and Proxmox VPS, which are currently functional but in degraded mode (without a management interface).
We will soon be bringing the customer area back online so that we can communicate with all our customers. Obviously, we can no longer meet the 24-hour ETA for tickets. (https://manager.ouiheberg.com)
We want to thank each and every one of you for your patience and trust.
Our teams are fully mobilized to ensure the continuity of your services and to guarantee a return to normal under the best possible security conditions.
Comments
NonHeberg
No email received about this
Oui Oui
I hope all of you used unique email alias when registering
No email received about this either. When I go to their page there is link to reset password in French and on that page switching language doesn't work at first. Looks exactly like phishing site even if it's legit.
Email is one thing, leaking the address and phone number is worse. Then providers wonder why people don't put in real address and catch it as fraud attempt. It's only matter of time when it will get hacked somewhere.
As they stated that probably Virtualizor was the attack vector, do they also use WHMCS?
Yes, they use both WHMCS and Virtualizor.
what happened?
What Virtualizor vector ?
It's sad to hear that. I don't even know what to do now. I have several servers there and the leakage of the address and banking information is the worst thing that can happen. I would like to hear/see the official representative of Ouiheberg on LET and up-to-date information about it…
@ouiheberg 🙏
I'm not a customer, and obviously that's a lot of data to be leaked if you are a customer, but I definitely applaud their transparent and very prompt disclosure, as it actually gives customers a chance to do something about it.
this sucks big time!
This is probably just my insufficient use of English (as a second lang): I meant that by their statement someone seems to have broken into their systems via their Virtualizor installation:
and from there one move around in the internal systems of the provider.
I may be the same the the last hack that claimed to be connected to Virtualizor that the API keys had been leaked and left for any IP address to have full control if this happens to be the same.
Virtualizor is almost always the problem.
As a customer I’m disappointed that no email communication has gone out. The only place your can find any information is on their discord, and that’s all in French only.
Hi rest assured, an email campaign is currently in progress.
We are improving the communication as we go, including the English version.
Not a single provider has my real phone number i think
Yeah name is fine... address meh
Phone? Nope
identity theft is real
lol im surprised there are very few providers who get breached
well glad i noped on these deals.
props on the disclosure (minor neg rep for discord-only).
weird notice on the main website "working on significant improvements", maybe bad firefox translation?
To be honest, I really like the product. It’s perfect for my use case. Getting my data leaked, less so…
And still not emailing affected customers about this is bad form.
Don't fraud sir, put in a real address. Doesn't have to be yours.
I usually just use the Skhron abuse email
Daily mail rmail sounds 🔥
We would just like to add that this security breach is not caused by Virtualizor as per the details shared by the Ouiheberg team.
comments @ouiheberg ?