back to article Fasthosts customers blindsided by emergency password reset

Fasthosts has announced that "a number" of its customers'* FTP spaces were raided as a result of the major hack that triggered a police investigation last month. It has applied a system-wide reset of thousands of passwords as a result. The Gloucester-based webhosting firm yesterday performed the emergency reset of control …

COMMENTS

This topic is closed for new posts.

Page:

  1. john Tait

    Fasthosts - same as all the other hosts...

    What a balls up - and surely so overkill!?

    However I've got to say, after spending £700 per month with those idiots at Coreix, for £140 a month on a fasthosts dedicated machine - cheaper and just as bad!!!!

  2. Rich Harding

    A Couple of Points

    No, price and value are not the same thing and yes, you do get what you pay for. It's very easy to tar everyone with the same brush but there are far worse hosts out there for what a lot of people use FastHosts for. The crass stupidity here is the way they have dealt with a "security breach".

    Yes, there are advantages to having greater control over servers. I'm sure that many of the complainants on here, including myself, use a mix of hosting providers - horses for courses. Catch-all "Should have known better" comments actually make the posters look slightly dimmer than they intend. I'm sure many of the complainants are also perfectly capable of managing a server should they choose to but have chosen not to for some websites - because for a lot of websites it simply is not worth the aggravation. Choosing to self-host some high-volume sites would actually be the height of stupidity. I'm quite capable of stripping and rebuilding an engine but I don't service my own vehicles (any more).

    Back to the "breach" itself - if it's to do with FTP, I'm sure I'm not the only FastHosts customer who has previously wondered about the wisdom of their policy for FTP logins and mainly chosen to use separately created accounts (I don't remember it always being how it currently is). Surely if they were going to cause the havoc they have anyway, it would have been wise to change this policy at this juncture.

  3. John Rudolf
    Coat

    We're back online!

    Well, here's a thing. Apparently nothing to do with this:

    http://news.bbc.co.uk/1/hi/england/gloucestershire/7124755.stm

    Was phoned at around 4pm by a helpful soul at Fasthosts. After a little trouble validating me - we finally agreed on the last 4 of my credit card - I was given the new password to the Admin CP of the site mentioned in the article.

    So, no apology but let's let that pass for now. The helpful soul said that only 25% of people had changed their passwords in response to their October email. He admitted that their email had come across as advisory rather than mandatory.

    When asked what triggered the password change, he said that a couple of customers' ftp sites had been compromised. I asked if email addresses/Admin passwords had been compromised and he said no, but what they wanted to avoid was password changes now, and then more changes later if something else had been compromised etc etc.

    Well, I'm in. SQL and ftp changed. Database backed up, downloaded and stored. And everyone must be doing the same as the ftp download is like walking through treacle!

    I must admit, now we're "back", the frustration/aggression has evaporated. Until the next time maybe?

    My solution for next time is for their engineers to allow validation on specific data (like the last 4 of your credit card) and allow users to get a new password through it. Posting passwords? Well if that was safe, Gordon Brown wouldn't be squirming quite so much at the moment - and of course, if you have moved since registering and not updated your details then a stranger will now have your admin password!

    Let's face it, the hackers won. Fasthosts have lost big time but then so have we, the customers, and indeed our own users. By over-reacting, and yes, it was an over-reaction, they have done more damage than the hackers ever could by a factor of a thousand. I would be laughing myself silly if I was the hacker concerned.

    Lessons learned? I'm afraid the harshest lesson was that Fasthosts don't have a sensible policy for security, handling hacking nor password change. Would another webhost? Who knows. But I am fairly sure that at the very least there would be apologies and rapid resolution. The biggest lesson, which Fasthosts MUST learn if they are to remain in business is that the systems must REMAIN UP as the highest priority. Everything else is secondary to keeping sites online. Risk analysis would have shown that what the hackers could achieve paled into insignificance with what Fasthosts did to us.

    We will be moving. In the absence of apology, good communication and compensation, it would be an afront to ourselves and our users to remain with Fasthosts.

    I do hope all those still offline manage to regain control of their sites soon.

  4. Anonymous Coward
    Go

    Move Domain

    If you have .uk domain you can simply log on to your nominet account (you will have got a letter some months after registering your domain) and change the ipstag yourself. It costs £10 but thats sometimes better than waiting for your isp to do it and it some cases cheaper.

    I did it recently to remove a domain from easyspace because to move a domain you have to ring an 0870 number so they can try and persuade you to stay, once you've finally confirmed you want to leave they charge £15 to change the IPStag.

    As for fasthosts my only experience of their service was a dedicated server which we dumped almost immediately once we realised it was their own (out of date) version of linux. When I mentioned it to a friend who lived near by and ran an IT business told me drop them asap because of experiences he had had. That was 5 years ago, seems like things haven't improved.

    Are they really using ftp? Surely this means passwords are being passed in clear text anyway and so can be grabbed by anyone?

    Not sure why someone hacking a few ftp accounts should mean reissuing every master password. If a few peoples ftp accounts have been hacked surely thats just a few sites defaced.

    It shouldn't mean that the hacked has access to everyones accounts. Looks like there is a lot more to this than we are being told.

    As for losing a domain, I guess you'll learn to always renew your 'corporate' domains well in advance. You should never leave it to the last minute as you can never guarantee their won't be a service issue somewhere in the renewal process.

    If you have lost a domain in this way it may be worth contacting the registrar (nominet for .uk) as they MAY be able to do something if it resulted because of this outage. That said I'm sure .UK's have at least a month cooling off period and for .COM's etc its something like 3 months so I'm a bit surprised someone has grabbed it so quickly.

    Feel very sorry for anyone affected by this. Fasthosts have clearly lost the plot. Their lack of communication is unbelievable as was their decision to change passwords before the letters had a chance of being received. To break web sites via an enforced password change beggars belief. If someone has hacked all their client accounts whose to say they haven't randomised peoples postal addresses too!

  5. Anonymous Coward
    Stop

    There was the clever thing called....

    Back at the dawn of the net, there was this clever little thing called we-all-get-it-cheaper-when-we-buy-together.net (or at least something like that) Now the way i figure it - this disaster must have had an effect on at least 3000 users - paying lets say an average of £20 per month (Resellers included) so thats umm £60,000 a month... which as a group buying Conglomerate i guess would have enough weight to not only negotiate better rates for all but also a higher rate of improved customer services - Anyone up for this????

  6. Ivor griffiths

    Why post them?

    Given the recent publicity concerning the wooden tops at the Inland Revenue and the cost associated with posting out so may letters (probably 75p per letter) one must wonder why such a decision was made.

    Fasthosts are a large and successful business, they are not fools. This is a calculated decision. Sending them by email would be no less secure and of course free.

    What are the advantages of doing so? Delay.

    Has anyone actually had a letter yet? No.

    Why delay?

    Perhaps the hackers told them they were going to shut them down and notwithstanding Police and other security involvement the hackers could not be stopped. National Security issues?

    I just do not believe that Fasthosts management are as incompetent as they appear. We loathe them now but these chaps will be intelligent, business savvy operators who are used to crisis management. It makes no business ense at all for them to have done this.

    But it is not just ftp, sql, httpd that is offline. It is also DNS. The whole system seems to be wide open. Anyone with even one site that is just for the kid's photos should move away, cancel the credit card used and get on with the rest of their lives.

    I always use reloadable cards to pay hosters, just make sure you have s75 protection as well.

  7. Anonymous Coward
    Alert

    Not only are Fasthosts giving us Resellers a bad ruptation.....

    ... They're also ripping us off. OK so Jo Bloggs wants a windows business hosting package - Fasthosts deal - 15 advanced mailboxes (cost to reseller £150 plus VAT PA) an SQL Database (Cost to Reseller £180 PA) and the ASP enabled site (Cost to Reseller £10PA) Load Balancing (cost to reseller £40 PA) plus free this free that free etc etc Jo Bloggs gets this for £15.99 a month - £191.88 PA

    We Reseelers pay £380 just to be able the same service, as a NICE little sideline to our business TWICE AS MUCH - now that's a nice little sideline isn't it.

    Come on Fasthosts surely it's time to stop treating the rest of us like the bunch of tossers YOU are

    And please stop charging us for the things that are standard - ASP / ASP.Net...

    Its a bit like the icecream man charging you for the f***ing cone.....

    OR

    Well I guess we can all find alternative solutions - I mean there are enough discruntled clients on here, to team up and invest the money we currently pay you and open our own data center.......... (thoughts anyone)

  8. Rob

    Fasthosts debacle

    I think that Fasthosts have a bigger problem than they are letting on. This is why they have taken such drastic action without thinking through the consequences.

    I believe last Thursday evening they tried to change all the email passwords on all their servers too. But someone realised that when they did that their customers would not be able to dial in and pick up emails !! and wouldn't know what was going on, or be notified about what they were doing. I say this because there was a period for a few hours where they did change email passwords. My PDA couldn't dial in to their server because the passwords had been changed but then the passwords were changed back.

  9. Anonymous Coward
    Anonymous Coward

    How many?

    75% of 650,000 websites.

    Imagine that.

    No wonder they are engaged.

    Oh Mr Fasthosts, what *were* you thinking.

  10. Anonymous Coward
    Anonymous Coward

    This missive might make you feel a little better (or bitter)..

    "Like a death at a birthday party, you spoil all the fun. Like a sucked and spat-out Smartie, you're no use to anyone..."

    More at:

    http://no2fasthosts.wordpress.com/2007/12/03/for-the-guy-who-came-up-with-the-password-plan/

  11. Anonymous Coward
    Go

    No Apologies....

    Just sat for 1hr 40m in the Farcehosts "tech support" queue and insisted they gave me my cp password. I have a melted ear and burst bladder from the process, but hey, no one said it would be easy. Sods law the password arrives in the post tomorrow (yeah right!).

    At least I can get things moving along now, gonna be a late night, or is that an early morning?

    I enquired about the mail accounts, unbelieveably they are still resetting the whole lot on the 13th. BUT! Once you can get into your control panel, apparently in a day or two, there will be a tool you can use gratis from Farcehosts to list all the email addresses and passwords that are to be reset and they, <shock, horror> will do this for us!!! How's that for good customer service?

    Needless to say I am on the hunt for another reseller account elswhere...

    Night/Morning all :)

  12. Anonymous Coward
    Anonymous Coward

    thats it, i give in

    so i put up with the flooding, the deleted mailboxes, the unhelpful support staff, the unexplained downtime, delayed email, hacked passwords and even had my card details cancelled by the bank after they were passed a 'large list' by the police a few days later, got charged because i couldn't login to update my details with my new card details and finally this weekend lost FTP access at the worst possible time ever

    we changed our passwords and weren't affected the same as some of the people above, and after having bad experiences with nearly every host out there in the last five years thought 'better the devil you know'

    then today we had a problem with one of our databases, and our backup space was inaccessible. all we needed was some extra space on one of the live databases. Called support and got through really quickly (suprisingly), but when i asked for some extra space - the response was "yes, but i can't give an exact time when".

    cue some frantic backing up etc, etc, and moving to a new database instead. So i though sod it, its about time we had a dedicated database server - i'll just get one now.

    ater going through the signup process i discover i have been charged an extra £120.00 somewhere along the line, but have a working server within minutes - happily i log on to find that the server is equipped with sql server 2005, fantastic - if only i'd known that before i woudl have prepared all my databases currently on the shared 2000 servers for an upgrade, but its ok - i didn't want christmas, or january - or a business any more for that matter.

    having looked around the market for solutions, i have finally found one that works for me

    alcohol + passport + plane ticket outta here to somewhere that has no interent access

    i surrender.

  13. Simon

    fasthostshell.co.uk

    They have some info on compensation -

    http://www.fasthostshell.co.uk

  14. Simon

    Also

    I would advise anyone to email working lunch, link on the right of the page located at

    http://news.bbc.co.uk/1/hi/programmes/working_lunch/default.stm

    and maybe they will do a story on it.

  15. Ste
    Alert

    Password Arrived In Post

    Hmmm, I like the fact that they try blame me for not hearing about the 18 oct changeover, the fact being they didnt send the bloody email out in the first place....

    Right off to log into the site.....

  16. Anonymous Coward
    IT Angle

    What problem?

    I changed my passwords but still got affected..what i don't understand is how people have domain hosting and web hosting on the same provider / Control panel?

    All companies will have issues at one point or the other - moving isn't the solution really, think of how many people will move to your new provider after this?

  17. Muddy Boots

    Postie, Postie, where is it?????

    Postie just been with confirmation that my Fasthosts payment has been taken from my card last month, but no password still. I can get into my CPs and emails, but still not able to get into FTP site.

    When, oh when?

  18. Anonymous Coward
    Anonymous Coward

    What does the letter actually say?

    Since Fasthosts wasted a day drafting a letter rather than just sending out a simple letter with your password in, this is a nice analysis of what the letter might mean:

    http://no2fasthosts.wordpress.com/2007/12/04/our-interpretation-of-the-password-letter/

  19. Anonymous Coward
    Happy

    It's here!!!

    Must admit, I had a cheque from the National Lottery in the post for £75000-ish, but a greater excitement was that I had the letter from Fasthosts! This caused enormous pleasure for the following reasons:

    1) It actually arrived!

    2) It worked!

    3) It will now allow me to collect the website and find a proper web host! Goodbye, Fasthosts.

    PS - the £75000 was a joke!

  20. Anonymous Coward
    Stop

    Not giving resellers a good name either

    My FH reseller has yet to reply to my emails since Thursday when the shit hit the fan. No one's told me what's happening. No one's told me when I should have access again. I only know what's going on because of The Register's article.

    If I was just relying on the password in the post it would be bad enough, but to wait for someone else to get the password in the post then be bothered to actually sort things out or even email their customers is beyond frustrating. My reseller didn't even bother to pass on the password reset warning when it went out in October (not that that matters now or would have made any difference given the blanket reset).

    I won't name and shame my reseller for now but I'm pretty tired of being shafted by companies that don't give a shit.

    I understand resellers have a lot on their plates right now, but it only takes a few seconds to email your customers and tell them why they can't access their FTP.

  21. Alastair
    Unhappy

    Passwords working???

    Anyone else having problems trying to get the passwords working?

    I have 3 accounts and I can only get into 1 of them (not the one I REALLY need to get into).

    I have checked usernames against what they sent out when I subscribed and I am doing everything correctly !!!

    arrghhhhh

  22. Mike Knowles

    DNS changes not possible?

    Now that I've got access to my most important domain, I've got one of my business partners to setup a new server for me at a different host. I've added a new glue record at Fasthosts to point new.xxxxxx.xxx at the new server. It should be live now, but it isn't. I guess Fasthosts aren't processing DNS host record requests at present? Anybody managed to successfully transfer anything *out* yet?

  23. Anonymous Coward
    Anonymous Coward

    Any news from FH themselves?

    The fact that there's not even a message on fasthosts website stating that there users could be having difficulty logging in is astounding. Fair enough there holding back from an apology but at least some clue to save there thousands of users from trawling the web for clues..

    Fasthosts sales methods and there actual service have always been poles apart, the fact that there own site is still intent on selling there over priced packages rather than trying to tell there existing userbase whats actually going on is just another example..

  24. Anonymous Coward
    IT Angle

    No password through post yet.

    Add another one to the list for "it's Tuesday and still no password". How about sticking a phone number on the Support Ticket - will they phone?

  25. Jonty Rose

    Fasthosts email password changer

    Hi there,

    not sure if anyone else received this, and it's only a solution to half the problems people are having but see below from fasthosts support:

    ---------------------------------------------------------------

    Please be aware we will be requiring all email passwords that haven't been changed since the 18th October 2007 to be changed in the next 10 days. All unchanged email passwords will be scrambled on Thursday 13th December 2007.

    Whilst we recognise that this is extremely inconvenient for our customers, it remains the only way to be 100% sure that you continue to receive a secure service.

    We will shortly be providing a mass email password change tool to assist with changing your mailbox passwords. This will be available in your control panel and will allow you to download a list of all your mailboxes, and enter a new password for each. Once this is complete, you can simply upload the file to Fasthosts, and we will change the mailbox passwords for you on the above date. This tool can only be used with email passwords.

    You can change your email passwords now however, either in your control panel, or by entering your mailbox details at mcp.livemail.co.uk.

    Please remember that the passwords will need to be changed on any email client you use to download your emails (such as Outlook Express, Outlook or Thunderbird). For assistance with this, please view our knowledge base article at http://www.fasthosts.co.uk/knowledge-base/?article_id=435.

    Under no circumstances whatsoever should you try to reuse any of your old passwords.

    Please note, you will only be able to log into your control panel if you have recently changed your password, or if you have been provided with your new control panel password (either from our support team, or via the letter we have sent you). We expect every customer to have received a letter containing their new Control Panel password in the next few days.

    We apologise for the inconvenience that this will cause your business during this period, but trust you understand that our primary concern is for our customers and for the security of their websites and data. Unfortunately, an automatic password change is the only way of ensuring that all of our customers are totally secure.

    ----------------------------------------------------

    At least you wont stop getting emails!!!

  26. Ivor griffiths

    No letter

    I got a letter yeaterday that was posted second class from London on Thursday. Fasthosts have not posted my letter yet. DNS is still off anyway. Intermittent connectivity, constant barrage of emails from Internetseer telling me it's on again, no off again. The only reason I want the password is to transfer out.

  27. Anonymous Coward
    Alert

    streamline.net same problem!

    streamline.net are definitely having the same problems as FH. They are now going through the same painful process of changing all passwords. This is a quote from their Service Status page:

    "Due to a security update across a number of our servers, we are asking customers to reset both their FTP and Domain Control Panel passwords. Current passwords will no longer be valid and all customers will need to reset these. You will not be able to use your existing password or a previously used password for your new FTP/DCP password."

    Either they are buying their services from FH or this problem is much wider!!!

  28. Name
    Thumb Down

    my password delivered today whoohoo..but....grrrrrrrGRRRRR NOT WORKING!!!!!

    it doesnt log me in for F%$%^&# sake!!!! i cant get through i cant ftp in to remove my files I cant do s*** its ridiculous ...AS SOON AS I GET ACCESS I'M REMOVING MY FILES FASTHOSTS!!!NO MORE MONEY FROM MEEEEEEEE

  29. djberriman
    Alert

    Streamline

    Streamline appear to be hosted at rackspace - so seperate issue?

    4 10.102.240.129 (10.102.240.129) 30.266 ms 168.671 ms 204.099 ms

    5 10.102.240.221 (10.102.240.221) 203.198 ms 183.862 ms 174.135 ms

    6 10.102.57.7 (10.102.57.7) 15.593 ms * 17.085 ms

    7 g3-15.edge3.lon.rackspace.net (195.66.224.116) 16.264 ms 17.779 ms 15.647 ms

    8 vl901.core1.lon.rackspace.net (83.138.138.35) 16.236 ms 15.672 ms 16.108 ms

    9 g1-0-25.aggr3a.lon.rackspace.net (83.138.138.79) 17.553 ms 15.622 ms 16.441 ms

    10 www.streamline.net (212.100.248.206) 16.167 ms 16.171 ms 16.106 ms

  30. Colin Cook
    Unhappy

    I Don't believe it!

    This is the icing on the cake for me. At the end of February the company that hosted my shopping website, Internet central in Keele managed to move my site to another server without backing it up first (as they promised they did every day), guess what they lost the lot! To cut a long story short, Just over a week ago the new re-built from scratch site was uploaded to fasthost by my web designer (we will use our IPS for now, they said). A week of trading, 3000 emails sent to our customers to let them know we were back, pay per click adds taken off hold, then this happens! The irony is if we had uploaded back on Internet central it would still be working! I give up!

  31. Alasdair
    Thumb Up

    Steamline

    Streamline, I'm quite sure, share Fasthost's data centre to host some of their shared hosting services. They therefore probably got blindsided too when Fasthosts hit the big red button. Their main site (homepage) could likely be hosted on rackspace so they have a 100% uptime network

    I got my passwords from fasthosts today, but annoyingly am finding that resetting the FTP password isn't working. This is after 7 hours. So it isn't a simple "it could take 20 mins to update" thing either

  32. Neil Rigby
    Unhappy

    Where's the Support?

    I put in a request for support [previously changed database password not working and probably scrambled] 48 hours ago. I haven't had a reply as yet.

    Any other similar experiences out there?

  33. Anonymous Coward
    Alert

    Be Careful

    This morning i got up, to discover that almost £500 has been taken via Paypal from my bank account. Not blaming Fasthosts on this, just seems a bit of a coincidence.

    If, like me, you used the same password for anything and Fasthosts may have had it, it is a good idea to change it NOW!

  34. Adam
    Unhappy

    Contact tel no

    Has anyone managed to get through to tech support - if so on what number please?

    I STILL haven't received my new passwords.......

  35. David Ryans
    Stop

    The worst treatment I've ever experienced online

    This is just beyond belief, truly staggering - I'm tempted to call it evil!

    So it's nearly a week now - despite having already changed all passwords when they asked I am STILL locked out of my account, website down, have had NO emails of apology or explanation, customer service are ignoring my COUNTLESS emails of increasing desperation, my business is in RUINS.

    Is someone over there taking pleasure in this? It's the only explanation for this sadistic behaviour.

    I finally managed to move the site over to another host after I found an old backup but the damage is done. Just one email with an explanation, just let me login and cancel my damn account! The password letter will never arrive because I no longer live at that address.

    If I get charged for one more month they will be done for fraud.

  36. Muddy Boots

    That's it!

    Had eneough. All out now to get me a new host! That's if I can get the tags. I tried UKReg only to have the call transferred to Farcenet. One prospective new host told me how to go through Nominet. Went to them and they said it'd cost me £10 plus VAT and it could take up to 24 hours to transfer. I don't mind paying that if I could just get these people that know my private email address and phone number, off my back. And I only do it as a hobby and I am retired, I could do without this hassle and at this time of year, I run a Christmas website - no money involved, so I really sympathise you folk who have a living to make.

    It's about time Farcenets came clean on this, because, as I've said before, something doesn't smell quite right and the rumours seem to be going around the industry.

    I STILL haven't had a letter with my passwords in it, but I did get an email last night telling me about the next step in this cock-up - Email Password Change - Thursday 13th. December. I'm not getting any via Farcehosts now, nevermind next week!!!

  37. Anonymous Coward
    IT Angle

    Credit card

    Just had the the credit card we use with fasthosts cancelled...coincidence??

  38. Ivor griffiths
    Jobs Horns

    No letter

    Still no letter. DNS is on now though. I just want to get everything away from them. I hope this causes them to go belly up (but only after I transfer out).

  39. Anonymous Coward
    Go

    dedicated servers are the way to go

    I've used FH's dedicated servers for the last 18 months and avoided disaster here (apart from being locked out my one and only control panel which I received the new password after 45 mins wait on the phone).

    To be honest, shared hosting on FH is an absolute nightmare (i.e. individual or reseller accounts). To be fair to FH, shared hosting has been a disaster for us with other hosting companies too (IXWebhosting in the US being THE worst). We switched away from shared hosting a long time ago because of the atrocious downtime that inevitably occurs, and/or simply the slowness of page loads much of the time. Also, reselling is EXPENSIVE with FH. Want a mySQL database? 29.95GBP a year. Want to use ASP? 10GBP a year. Not to mention: how on earth do you regularly backup the scripts and databases?

    Now some positive words for FH; we've never had any troubles with their dedicated servers in the last 18 months. mySQL databases? Free. ASP? Free. You can backup all of your data easily (how is this possible with shared hosting?). You get to install your own components, and there's simply no downtime (barring the floods of the summer where we had 6 hours of downtime, and a fibre optic cut in June 2006 when we had another 6 hours of downtime) - other than that, things have gone smoothly.

    Perhaps the best thing of all with dedicated servers (whether it's with FH or another company) is that there's no interference - no sudden upgrades of mySQL that break your scripts, no password changes without notice, far cheaper to scale up (no database costs, scripting costs). No bad "neighbours" who steal all the resources and crash the server.

    Whether it's with FH or another host, if you're currently a reseller, I'd recommend moving your domains to a dedicated server and avoid the nightmares. It's not that hard to set-up a dedicated server and once you use them, you wouldn't consider reselling on shared servers again.

  40. Anonymous Coward
    Anonymous Coward

    One week gone

    A week has passed, and I wonder how many people have actually received a letter and then been able to login to their control panel? Like others, I find the whole situation unbelievable. How could a web hoster deliberately change hundreds (thousands?) of passwords, knowing their action would instantly bring down many of the websites (any website that depends on MSSQL, for example).

    Who wins? Not Fasthosts, as they get the criticism and inevitable support call. Not the customer, who now has a dead website.

    With shared hosting, you have to live with the fact that people will try to break into the system. With access to the shared server (through the control panel or FTP) you have a starting point. A new account can be created instantly with a dodgy credit card number (which may not be noticed for weeks) so anyone can have a go. That is just a fact of life for a webhost offering shared hosting.

    So what has gone on this time? Some login details for some FTP/CP accounts have fallen into the wrong hands? Thats a matter for the police (who unfortunately aren't that good at investigating, especially since the previously dedicated team has been merged into SOCA). But what good would these details be? Bring down Fastshosts servers? That has always been possible. Deface some websites? Ok, that's an issue, but easily resolved on a per-case basis.

    It just does not make sense to reset all the passwords. And to then use Royal Mail to send out a new password, to an address which has not previously been authenticated, is pointless.

    Nice to see Fasthosts website wishes you all a merry Christmas though. Nice touch.

  41. Simon Metcalfe
    Pirate

    Just been on BBC2's Working Lunch

    Not sure if anyone saw, but it has just been featured on BBC2's Working Lunch (incuding my telephone interview)... maybe this will finally kick Fasthosts into talking to it's customers as humans and not as cash cows/idiots.

    Also, it's thursday afternoon and I still haven't had my password letter yet... who ever came up with that idea should be first in the Job Centre que on Monday together with the person who thought it a good idea to spin what is clearly their problem/fault and somehow make it our problem/fault !

    As soon as I'm back on (asuming I ever get back on) I'm off and I only hope everyone does the same !!

  42. Richard
    Flame

    I still cant access fasthost (NO SUPPORT EITHER)

    I have been trying to log on to my account for weeks i did not even know about these problems till i discovered this site. My old password no longer works and i cant log in if i select " i have forgotten my password" it says " This service is not available please log on to the support section! HOW CAN I LOG INTO THE SUPPORT SECTION WHEN ONLY LOGGED IN USERS CAN! MY PASSWORD DONT WORK!!

    It then says on the support log in the same "Forgotten my password" you click it ans you get the same message this service is not available.

    You try to call their sales offices or numbers on the e-mails and they are all DEAD!!!

    I want to know whats going on as they just took £50 for last month out of my account and i cant use it or contact them

  43. Muddy Boots

    Blimey! Farshosts were quick this time!

    Like the above poster, Fasthosts took over £50 off me last month and I can't get in anywhere now, no password in the post or anything, so today I took my domain name and left.

    I've been with them since 1999 and this is all the thanks you get. I know I'm only a small user, but the old saying goes - from little acorns grow hearts of oak.

    I've just tried out my CP to see what happens and now I don't exist. Maybe that's why there's no one to help. Fasthosts may be too busy blocking all those leaving.

    It leaves a nasty taste in the mouth. I'll be popping back in here to see the progress, but now I have the job of setting up my mailboxes and FTP.

  44. Paul Fishlock
    Pirate

    Fasthosts incompetence, denial and irresponsibility

    7 days after the security breach Fasthosts have failed to reply to any emails. Updated passwords apparently sent by Royal Mail 6 days ago have not arrived. Their help line takes over an hour to respond. If you do get through and confirm your account number, pin, name and address you will be told that your post code is wrong on their database. Blatantly a false statement since a simple check on http://postcode.royalmail.com/

    will confirm it.

    Told that they cannot send a Fax of passwords as they do not have the facilities, but if you want to send a complaint Fax to…

    Told that they do no have records of compromised information and cannot discuss.

    Told that there are no managers available to discuss further.

    Told to write to them.

    Then they hang up on you.

  45. John Greenwood
    Joke

    Could it be worse...

    I suppose things could be worse.... the Department of Works and Pensions could still decided to reset our National Insurance and Bank Account Numbers the week before Christmas! I can see the Christmas card now;

    Dear Mr NE1011011F (formerly know as GW9087871K)

    Due to our ineptitude we have reset your NI number. Your new record shows you made zero contributions for the year 2007 and therefore you owe us millions - plus a £100 penalty for late payment!

    Happy Christmas

    DWP

  46. Anonymous Coward
    IT Angle

    Phew, I'm back in

    Still waiting for my postal passwords so I spent 45 minutes on hold. I was quickly able to get my control panel passwords for my two accounts. They worked fine and I've now changed everything.

    I do feel sorry for those with multiple accounts.

    I hope they don't get reset on the 13th.

    Stephen

  47. Anonymous Coward
    Anonymous Coward

    Email Password Change Tool Not Available

    Fasthosts sent an email out today claiming:

    "Mass email password changer tool now available"

    Through another blunder, they forgot to actually make it available on the control panel. More at:

    http://no2fasthosts.wordpress.com/2007/12/07/mass-email-change-tool-now-available-not/

    With blunder after blunder, and countless websites still down after more than a week, how long is it going to be before Fasthosts are held to account?

  48. John Rudolf

    Still no posted passwords...

    Fortunately, Fasthosts phoned me and we got the password issue sorted. However, I still haven't received any postal password so God knows how the rest of you guys are coping... Best of luck!

  49. Robert Challess

    Password received, but does not work!

    Password received, but does not work!

    Telephone access seems impossible.

    E-mails are ignored.

    How do I cancel Fasthosts without them continuing to take money from account?

  50. Anonymous Coward
    Anonymous Coward

    Unbelievable

    I have another (very unimportant) website which I want to cancel - simply because Fasthosts host it, and I won't leave payment details with them. I have tried to ring Fasthosts and still (about ten days after their block password change) I start at queue position 38.

    I feel sorry for the poor suckers on the end of the phone. Bet they love going to work!

    Why is there no obvious way of cancelling online?

    I presume everyone got the apologetic email a couple of days ago, thanking us for our patience. Despite this being an important - nay, crucial - contact, there were two spelling mistakes or errors of grammar.

    "Throughout this period we have tried to make the right decisions to minimise the problems faced by our customers, and will continue to do so. We have a responsibility to act to protect our customer's data and, on this occasion, we had to act to fulfil this, even though we were aware of the problems it would cause."

    We have a responsibility to protect our customer's [sic - should be customers'] data. Presumably this should have included encryption of passwords, rather than being saved in a text file.

    They are trying to appear professional - they still say that no blame is attached to them, they have acted thoroughly responsibly.

    Is anyone going to take them to court? Sorry - after sending this dreadful email the company MUST pay and, I hope, go out of business. There is still nothing on their website - according to them it is the best hosting company in the country.

    And this is from someone who hates the compensation culture!

Page:

This topic is closed for new posts.

Other stories you might like