Fasthosts hacked: change your password!

Dynamoo · 18-10-07

Quote:

Fasthosts, "the UK's number 1 web host", has fired off emergency emails telling customers to change all their passwords after police were called in to investigate a major data breach.

The Gloucester-based firm contacted The Reg this morning with a statement. It said: "As the breach could relate to Fasthosts customer data... Fasthosts has subsequently reviewed and updated its security and worked with external security experts to ensure that all data held by Fasthosts is secure.

"As a precautionary measure, Fasthosts has asked its customers to update their passwords. This includes their control panel, email, FTP, and database passwords, all of which can be changed via the customer control panel. Fasthosts has now implemented customer password encryption to further protect customer data."

More here.

John Jupp · 18-10-07

Hate it but a client uses them so everything is being altered. Cheers for the heads up.

tbp · 18-10-07

If anyone has an account on fasthosts, I would advise them to keep an eye on their credit card / bank details, as these used to be held unencrypted along with the passwords.

John Jupp · 18-10-07

That shall only apply to those with webhosting and not ordinary website customers obviously as we all I am sure do not keep such details ourselves but use third party payment providers.

gadget · 18-10-07

Is this just customer login details or FTP as well? .. Sorry, didn't read the quote above.

Quote:

"Fasthosts has now implemented customer password encryption to further protect customer data."

Makes you wonder what security that had before.

tbp · 18-10-07

Im not sure if they still do, but I was reliably informed that they used to keep credit card details in their database, in clear text with full details. This was for anyone who had an account with them, whether on a shared or dedicated server.

If someone has got the passwords of all their accounts, it means someones got into their backend, where the credit card details are stored as well.

ian-d · 18-10-07

Has this affected ukreg customers too, because thinking about it, the only place i have my debit card stored is on ukreg for domain renewals! That might be where my £1.5k was spent? Any thoughts? If it is, i'll be sueing them.

SimonDance · 18-10-07

Thanks for the heads up -

I've also got some domains with Ukreg and have changed my password and removed my bank details just to be on the safeside...

ian-d · 18-10-07

I've emailed them an official correspondance asking whether ukreg customers have been affected, and when this breach took place. If its prior to 2 weeks ago, then i might be in a position to make a claim against them for the theft of my card details!

No point me changing them on their site now, the card was terminated!

getvisible · 18-10-07

yeh - I just had the email through too. Thankfully I don't use them for any of my major sites. But still a concern!

ian-d · 18-10-07

Here's part of the response to my email asking if it could be the reason for my debit card being use fraudulently...

Quote:

Fasthosts has been, and continues , working with credit card companies on this incident. If there is any risk to your payment details, you will be contacted by your bank or credit card company.

Not sure that actually means anything, and in the meantime that might be the reason why i had money robbed from my account. Might of course be completely unrelated, but is very strange and somewhat of a coincidence.