New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Blesta Hacked - Ransom Gang Threatens to Release Customer Details Tomorrow
raindog308
Administrator, Veteran
in General
https://lowendbox.com/blog/blesta-hacked-ransom-gang-threatens-to-leak-customer-details-tomorrow/
Possible it's just Blesta's email servers and not their entire environment.
Thanked by 1: khalequzzaman

Comments
First
was it the Canadians again
Blesta released a statement, I highly recommend including that in your panic blog / post.
This is going to become commonplace. If cPanel had serious vulnerabilities, just imagine DirectAdmin and Blesta, it’s only a matter of time before they’re exploited. I wouldn’t be at all surprised if many of them had critical vulnerabilities that were never patched. With artificial intelligence on the rise and AI-driven attacks becoming more common, it’s only a matter of time, it won’t be long before chaos sets in.
Even if nothing has been “compromised” yet, things are moving in that direction.
Where? I’ve already had a look on their website and can’t see anything on the blog...
Dear Customer,
We are writing to inform you of a security incident affecting portions of our internal infrastructure.
On June 25, we created a temporary support account for a third-party virtualization software vendor in connection with an active support request. We have since determined that an unauthorized party gained access using those credentials before the account password was changed that evening. The incident is currently under active investigation.
The unauthorized individual used that access to send an email through our customer portal to a limited number of customers claiming that our systems had been compromised and threatening to publish customer data unless a ransom was paid. That email was unauthorized and was not an official communication from Blesta.
Upon discovering the unauthorized activity, we immediately disabled the affected account, secured impacted systems, revoked unauthorized access, preserved forensic evidence, and began a comprehensive forensic investigation into the scope of the incident.
Our investigation remains ongoing. We are reviewing system logs, server images, and other forensic evidence to determine what systems and information may have been accessed. Many people are asking if their Blesta installations are safe. At this time, we have found no evidence that the incident involved a vulnerability in the Blesta software itself.
We understand that this incident is concerning, and we sincerely apologize for the uncertainty it has caused. We are committed to keeping our customers informed throughout the investigation and will provide additional updates as verified information becomes available. If we determine that any customer-specific action is necessary, we will contact affected customers directly.
If you have any questions, please contact our support team.
Thank you,
The Blesta Team
GLWS
Which providers use Blesta?
If I'm not wrong:
@MivoCloud
@ManishPant aka @kuroit
Knownhost.com - @ChrisMiller ?
Naah buddy we use WHMCS
Hostbrr, HostCram @Shakib, @systemfreaks, they use Blesta
THATS EXACTLY WHAT THEYD SAY INNIT
Blesta Fiesta. Whoever uses those shit panels today just deserves to be pwned.
Define chaos. A bunch of stuff will get rooted causing a bunch of sad faces. For a while the rate increases and after that it falls off again. Exploitable bugs are a finite resource. Being able to locate more doesn't change that. Even factoring in that new ones would be added regularly (which might or might not be the case depending on the specific project) there isn't enough supply to keep any kind of scary pace.
I don't have any meaningful data with blesta.com to begin with.
My license was bought from a reseller and later moved to blesta.com directly. They just have my public contact information and the IPv4 address where our Client Portal is hosted.
I change cards every month.