U.K Web hoster, customers scramble after attack deletes 100,000 sites
The continuing fallout from a hacking incident at U.K.-based Web hosting company VAserv should serve as a powerful reminder that companies need proper data backup and disaster recovery procedures.
The incident, which could result in a fire sale of VAserv to another hosting provider, is also an especially stark example of the kind of havoc that a malicious attacker can wreak on businesses.
Late Sunday, an unknown hacker or hackers attacked VAserve's virtual server infrastructure and deleted about 100,000 sites, or about half of those being hosted by the company, according to The Register. The attackers apparently took advantage of security flaws in a virtualization software platform called HyperVM to break into the company's servers and essentially issue commands to erase all of the contents hosted on them. According to news reports, the hackers appear to have accessed customer credit card data and other information stored on the compromised servers.
VAserv basically offers low-cost Web hosting services using virtualized private servers based on HyperVM. As of Wednesday morning, it was not clear how many of its customers -- many of them based in the U.S -- had irretrievably lost data in the attack. That number could be high, though, because half of those affected had apparently signed up for an unmanaged service that doesn't include backups, according to the Register.
This morning it was also not clear whether the servers had been compromised because of vulnerabilities in HyperVM, as VAserv claims, or whether weak administrator passwords were to blame, as posited by the Inquisitr. The site links to a post, ostensibly by someone behind the attack, that talks about it having been facilitated by "excessive passwd reuse."
"Z3r0 day in hypervm?? plz u give us too much credit," the poster said, adding that he or she had compromised the VAserv billing system, installed backdoors on it and stolen lots of credit card numbers. "Telling you this cuz we got bored of this ****, it's just too easy and monotonous."
A note on VAserv's Web site, which is now just a text document with details on the company's restoration efforts, claimed its staff had been working "tirelessly" over the last 48 hours. "However, we have now reached the end of all of our servers, and as such, if your server is not currently up, or not partly up, then it is unfortunate that you will have lost your data due to this third-party attack," the note said.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
web hosting
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
