Website admin cPanel hacked, loses a bunch of folks' contact details

Website administration firm cPanel told customers that it had been hacked over the weekend, potentially exposing contact information in the process. Customers' names, contact details, and encrypted (and salted) passwords were publicly aired due to a series of unfortunate events. Payment information, kept on a separate system …

  1. fnj

    "Passwords encrypted and salted"

    Does he really mean "hashed and salted"? The hash algorithm and amount and randomicity of the salt matter. There is no excuse not to have SHA-512, 5000 or more rounds, and at least 32 bits of hash.

    1. Anonymous Coward

      Re: "Passwords encrypted and salted"

      Nobody should be calling a hash function directly for passwords. PBKDF2 or bcrypt are key derivation functions which wrap the minutiae, and expose a standard API.
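
An added example, not part of any comment above and not cPanel's code: the salted key-derivation approach raised in this sub-thread, using PBKDF2-HMAC-SHA512 from Python's standard library, with a check that flags records stored at an older work factor so they can be upgraded at the next successful login. The record format, the constant names and the iteration count are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets

SCHEME = "pbkdf2-sha512"   # record label made up for this example
ITERATIONS = 210_000       # assumed current work factor; tune to your hardware
SALT_BYTES = 16            # 128-bit random salt, unique per password


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = secrets.token_bytes(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    return f"{SCHEME}${iterations}${_b64(salt)}${_b64(dk)}"


def verify_password(password: str, record: str) -> tuple[bool, bool]:
    """Return (password_ok, needs_rehash). Malformed records never verify."""
    try:
        scheme, iters, salt_b64, dk_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(dk_b64, validate=True)
    except ValueError:
        return False, False
    if scheme != SCHEME or iterations < 1:
        return False, False
    dk = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, iterations)
    ok = hmac.compare_digest(dk, expected)   # constant-time comparison
    # A record is stale when it verifies but was stored at a lower work factor.
    return ok, ok and iterations < ITERATIONS


def login(password: str, record: str) -> tuple[bool, str]:
    """Check a login and return the record to store afterwards."""
    ok, stale = verify_password(password, record)
    # Only a successful login gives us the plaintext needed to re-derive.
    return ok, hash_password(password) if stale else record
```

Storing the iteration count and salt inside each record is what lets old and new records coexist while the upgrade happens one login at a time.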

  2. Ivan Headache

    This probably accounts

    for all my email addresses going bonkers this afternoon.

    Constant password failures with some accounts working one way but not the other - and others working the other way round.

    Seems to have sorted itself now but it looks as though it's password changing for most of this evening.

    On top of that, our supersonic Panasonic plasma refuses to power-up (just as Granny turns up to stay for 6 months!)

  3. Anonymous Coward

    Cpanel has grown to be a Virus IMHO

    After seeing the long list of vulnerabilities disclosed yesterday, including one rated at 10, I tried to remove Cpanel from our Linux servers. It is almost impossible. Eventually found a CRONTAB resurrecting all the pieces we had managed to kill. A virus has attack vectors - check - persistence - check - is resistant to removal - check. Their software has grown incrementally since I first used it in the 1990s. I would be surprised if there is anybody left in the organization who has a grip on the entire system... a catastrophic zero-day is inevitable, IMO...

    1. Captain Scarlet

      Re: Cpanel has grown to be a Virus IMHO

      I assume as cPanel and WHM's primary use is for hosting websites you don't need to host any website, so why not just reinstall the OS?

  4. bill 27

    "Passwords ought to be safe too, but cPanel is taking the opportunity to get customers with older password encryption to change up anyway." old is old? At least gimmee a hint!

  5. Anonymous Coward

    Headline Error

    "Website admin cPanel hacked, loses a bunch of folks' contact details"

    Looks interesting, I thought to myself; how are they going to get in touch with their customers if they've lost the contact details? Call me pedantic, but in I.T. you really do need to be pedantic if you want your systems to work as intended.

