back to article Hacker breaks into ThrustVPS, launches phishing attack from firm's own servers

Virtual private server firm ThrustVPS has taken the unusual step of admitting it had suffered a phishing attack. Rather than taking the time-honoured solution of just pretending nothing had happened and correcting the issue on the sly, the VPS provider sent an email to customers 'fessing up to the attack. "The phishing attack …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Up

    Bravo!

    Now doubt other will slasg them off....how can this happen...fully patched....Linux blah, blah, blah.....weka passwords, drone drone drone...

    But I'd rather a company fess up and say, ooops we screwed up, than the usual bullshit...our customers data is always, blah, blah, blah.....

    1. Trevor_Pott Gold badge

      Re: Bravo!

      Indeed. Companies that behave honorably but occasionally screw up are preferable to companies that are hostile towards honourable behavior but screw up ever so slightly less.

  2. No such thing as an Anonymous Coward
    Boffin

    whmcs...

    About as secure as Swiss cheese

  3. Daemon-Byte

    Well that would explain the email I got from "thrustVPS" claiming they needed me to tell them my vps password, username, paypal address etc. Given that I was born with more than half a brain that went straight into the trash. Not that I have a vps with them anymore anyway.

  4. Crisp

    Nice to see ThrustVPS setting a good example.

    I'd like to see more companies displaying that kind of honesty.

  5. Anonymous Coward
    Anonymous Coward

    Not alone

    At least ThrustVPS are in good company after Linode suffered another security breach recently and have kept quiet about it...

    https://forum.linode.com/viewtopic.php?f=7&t=10790&sid=be111f07b40c14235d0eebb43cbc4f8a

  6. Aidan Thornton
    FAIL

    I think you're giving ThrustVPS rather too much credit for owning up to this. A number of past customers - including myself - got phishing e-mails demanding our credit card details and PayPal passwords that didn't just look like official e-mails from ThrustVPS but were actually sent from the same ThrustVPS e-mail server as their genuine e-mails. All the headers were literally identical to the genuine article. They could hardly not own up because this information was all over the relevant forums by the time they did and it was obvious they were thoroughly compromised (or scammers themselves).

  7. Morten Bojsen-Hansen

    Don't believe their lies

    I am (as of this incident) a former ThrustVPS customer. People are indeed giving ThrustVPS too much credit, and you shouldn't believe their lies. They claim the hackers didn't have time to copy the customer database. Then how come several users report (on social media) that they have had their VPS's taken over due to this breach?

    Well, this happened to me too. I wake up to an automated e-mail from ThrustVPS that someone had logged into the control panel in the middle of the night (such an e-mail is sent out every time someone logs into the control panel). I also notice that the RSA key for my VPS has changed. I log in the the ThrusVPS control panel to check what's up. From the logs I see that someone has logged in and reinstalled the OS, wiping all my data. I contact ThrustVPS and they tell me that reinstalling the OS is irreversible and all my data is lost.

    ThrustVPS offers me some small compensation, but I ask them to refund me for my last payment and cancel my services instead. They agree to refund me, but only the part not already used. I thought the least they could do was refund me the whole thing... but I just want to move on, so I don't fight it.

    While waiting for the refund to take place, I noticed several other IP's logging into the control panel of my VPS and playing around with rebooting and reinstalling the OS. Either the customer data is published somewhere or the same hacker is masking his IP to login several times to play around. Either way it certainly looks like the customer data *was* indeed breaches.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021