Sign in / up

back to article Fasthosts primes another password reset

Punch drunk Fasthosts customers are set to be hit with a third compulsory password reset next week, as the budget web hosting company scrambles to cope with a major security breach. The latest system-wide wipe will affect people who run dedicated servers, have bought backup storage at the firm's Gloucester data centre, and who …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. Brian Hughes
    Thumb Down

    Complete Farce

    After arguing by email with this excuse for a business with regards to password resets even after I changed passwords as requested, receiving the letters with passwords that didn't work then wanting me to waste more money on calling them to get cut off after an age on hold (numerous times) I gave up. I have now moved all my services away to a competent company. What a joke.

    0 0
  2. A Marlow

    Fasthosts has the same level of security competency as other ISPs

    Until fasthosts stop using insecure protocols like ftp, telnet and rlogin, until they stop storing passwords in plaintext, until they redesign their login pages so that usernames and passwords do not go over as plaintext, then they will be the same as all the other ISPs. All ISPs seem to make these fundamental blunders, making them all as bad as each other.

    0 0
  3. Shell
    Thumb Down

    SLA?

    What kinda of SLA do Fasthosts offer their clients? There must be some sort of uptime guarantee in customer contracts. If all these password reset bring your sites down, through no fault of yours, surely this would count as downtime? Really glad we're not hosting anything with this joke of a company. Any customer that sticks with them after this mess will get everything they deserve I suspect...

    0 0
  4. Francis Fish
    Paris Hilton

    Losing customers

    We're moving most of our stuff away, apart from the free POP email services.

    I subscribe to a North of England IT mailing list and have seen several mails saying others are ...

    Not to mention that the data centres seem to be in the flood plain ... or the comms to them are anyway ...

    0 0
  5. Anonymous Coward
    Anonymous Coward

    @Shell re: "SLA?"

    "What kinda of SLA do Fasthosts offer their clients? There must be some sort of uptime guarantee in customer contracts. If all these password reset bring your sites down, through no fault of yours, surely this would count as downtime?"

    Many ISPs exclude theft, mailcious efforts etc etc from the SLA. No idea if Fasthosts do, don't use them, don't care enough to read the SLA.

    I also know at least one major company that counts your downtime not from when the service fails, but when they decide it's down (which they term as "after you notify us, and after we've performed initial troubleshooting" - which leave them open to leave everything down for weeks while they do "initial troubleshooting" and then claim it was down for 1 minute. Go figure.

    0 0
  6. Kirrus
    Flame

    Try reporting a crime to the High Tech Crime Unit...

    We suffered a DDoS attack recently. What did the HTCU say about it?

    "Sorry, we're not smart enough to help you."

    And they wonder why internet crime is on the rise?

    0 0
  7. John Warlow
    Unhappy

    Falling over themselves trying to fix the breach

    I received an email with a pdf detailing two passwords that need changing. The first one I already changed after their security breach. The 2nd I can't change as Fasthosts have already changed it and haven't told me what it is in order to login to change to a new password! Muppets!

    0 0
  8. Anonymous Coward
    IT Angle

    mess

    I work for a company which has been affected by this, and the amount of time thats had to be dedicated to password changing is unreal, its a huge task and we don't even have that many to deal with.

    How such a giant cock-up could of happened is a complete mystery to me. it feels like somebody left the passwords database with the keys in the ignition, the windows wound down and parked in a secluded spot next to a sign saying "free ride".

    budget hosting services shouldn't be synonymous with the word incompetent.

    osql -E -S database.fasthosts.co.uk

    backup database allpasswords to disk='c:\database.bak';

    go

    exit

    ftp ftp.fasthosts.co.uk

    cd\

    binary

    get database.bak

    0 0
  9. Anonymous Coward
    Pirate

    re: SLA

    I think you'll find your SLA with fasthosts covers the servers being up.

    They are up....just because you can't access them doesn't mean you can claim under the SLA.

    You pays your money you makes your choice.

    Perhaps if your sites are that critical you should consider paying more per month...........things are cheap for a reason.......

    0 0
  10. Paul Mcnally

    Takes the biscuit now...

    So not only have I been unable to log in to change my website and update my card details after I had a new one issued by Barclays after my card was cloned, I finally manage to get my new password, log in, change my card details and they have just 'fined' me £20+VAT for an admin charge because my payment was late!

    I hope they crash and burn.... needless to day they have had a hell of an email from me which they will ignore!

    0 0
  11. Smell My Finger

    It's cheap

    It's cheap, you get what you pay for.

    If your web site has any kind of value then you don't go to the equivalent of Tesco's Value range.

    0 0
  12. Jan
    Flame

    Will leave ASAP

    I foolishly paid 12 months in advance for an exchange box with them. Today, I cannot log onto either my email nor access my fasthosts accounts with them.

    I have tried telephoning them all day but the line is constantly engaged.

    I have tried emailing them but my emails are rejected automatically because I am not including my account PIN in my email which I can get when I access my fasthosts account... but as I can't access fasthosts account to begin with I now have NO way of contacting them apart from getting in my car and driving up to their offices and screaming blue murder.

    As for this PIN, well, I have never heard of having a PIN, have not been sent a PIN in any email nor in the Post. Worse, I have just done a google and discovered that fasthosts are resetting passwords left, right and centre after a major security breach... and customers are fuming! Apparently they have sent out new passwords in the Post to people... but not to me they haven't! What a BIG disaster!!! I cannot believe how such a cock-up can be achieved!

    Each time I call their 0870 number I am being charged to listen to an engaged tone. I am wasting time ringing them up and I have no emails that I rely on as a business.

    IMPO, what a wank company! Avoid IMPO!

    0 0
  13. Dan K
    Thumb Down

    Useless

    I have a couple of domains registered with these idiots and unfortunately they are on (system default) automatic renewel, so they store my bank card details on their crappy servers. Last time they got hacked I sent them an email asking if my card details were read - their reply was "probably".

    I'd love to meet the people who this 'operation', they deserve a proper good kickin.

    0 0
  14. Anonymous Coward
    Go

    I like

    We were compared to fasthosts last year in terms of why cant you be as cheap, luckily the customer is now very aware as to why we are not so cheap.

    In fact were going to be more expensive now.

    0 0
  15. Jan
    Unhappy

    Can't believe this

    Finally got past the engaged - about 9.15 PM Dec 13th - tone on their 24 hour helpline, was number 59 in the queue, 15 minutes later I was number 49 and seemingly stuck there.

    They kept playing an automated message saying that you could request a new password from their web page by typing in your username. How idiotic is this because if you do request a new password from their website it goes to your fasthost email address which, as your email client does not yet have the new password in the account settings, you cannot pick up the email with the new password in.

    How sodding stupid is that? I mean, did they not stop and think that one through? You have to be incredibly stupid not to figure that one out.

    Anyhow, gave up after hanging on their helpline for 15 minutes waiting to go up to 48, 47. It will be hours yet.

    I am definitely taking them to the small claims court to get my money back.

    I work in IT and several years ago we did an email address change for several thousand users at a big UK corporate. We spent weeks, literally weekes, with excellent IT contractors going through the detail time and time again... and again and again... working out the pros and the cons, the rollback options... what happens if this happens or that happens... we planned for every possible option and every option that could go wrong.... and then we tested it out on a handful... and then a handful more until we were certain and then we did the change over in stages verifying everything along the way.... the way that professional IT professionals do this kind of thing....

    Not impressed with fashosts at all. I cannot believe they are still in business after this. Again, I have received no letter, no email, no text, nothing from them warning me of a password change! NOTHING! And now I am locked out of a service that I, in good faith, paid 12 months in dvance for. I want my money back and I loss of earnings also! I think the small claims court will understand why I feel justified in this.

    Incredible that on the 13th they decide to change my password also - the 13th! I wonder how many hundreds, thousands are in the same boat as myself!

    0 0
  16. Ivor griffiths

    ICO - No power tp intervene at all.

    The information Comissioner's Office advised me when I complained about a bank failing to send copies of my statements that I should ask for my bank charges refund via the Financial Ombudsmen Service (anothe QUANGO) who have actually suspended dealing with complaints until the test case is resolved.

    If I hadn't been a retired impoverished lawyer I would have been stuck waiting forever to get my money back. As it is I issued a summons, got five grand and am still waiting for the statements. The ICO actually has no powers at all - they should be making sure that the victims are protected and prosecuting the pea brains responsible.

    Every customer affected should issue a claim, there is no costs risk up to five grand, if there are even only a couple of thousand summonses issued they are finished.

    It may not be their fault that they got hacked but their failure to consider the implications of their approach demonstrates a failure to apply basic logic to very simple problems. So my guess is that it's a straightforward case of negligence, of such crass stupidity that they have probably lost the lot: bank details, addresses, dates of birth, customer databases, phone numbers, emails, purchase history, card numbers, cvv numbers - everything. And who knows how long it has been missing. Fasthosts won't that's for sure: don't know their arses from their elbows lets face it.

    As customers, many of whom may have effectively been shut down by these lamers, we should retaliate. My password still doesn't work even after they sent the postal one.

    As a community of webmasters, internet businesses and hobby site owners we should make a stand and take them out. The press releases are enough to get summary judgement in my view.

    0 0
  17. Andy Livingstone

    Fast Hosts

    Circular logic? After reporting that their "new" password would not work I'm told to log into support. What do I need to get into Support??

    Phoned and was number 47 in a queue at what was supposedly the least busy period and this at 0870 rates. Now told it must be my fault for mistyping while attempting to log in.

    Oh yeah??

    0 0
  18. Anonymous Coward
    Joke

    Well I'm back in on both of my UKreg accounts...

    I have held off phoning them as I've not had a requirement to get into my domains to administer them (this is the only thing I have with them) plus I am not spending obscene amounts of credit on my mobile waiting at queue position 61 for a screw up caused by nothing more than their own incompetence.

    I have two UKreg accounts, one business and one personal. Today, I have just received the business account password in the post. And magically, this has worked. So I have now reset this account with an alternative (different from original) password.

    But I'm still waiting on my personal password - but hold on, it would seem I no longer need to wait because, having just checked the UKreg website, they have re-enabled their "forgotten password" feature so I just got their systems to email me the password for this account! So I'm now back in on both accounts, no problems at all.

    But what's the betting, after all this, and the inconsistency by which they have dealt with my two accounts (and presumably, everyone elses where people have phoned them up to obtain passwords), that they go ahead with another random obscure password change leaving me right back at square one. I think the sooner I move my domains off these loons, the better as I really cannot be doing with dealing with any more of their s**t and wiping their ass to boot whilst they struggle to deal with a screw up which, ultimately, is of their own doing (storing passwords as plain text in a database).

    Good luck to anyone who remains with them because I do honestly believe you are going to need it.

    0 0
  19. Anonymous Coward
    Happy

    LOL

    Quote by AC

    -------------------------------------------------------------------------

    We were compared to fasthosts last year in terms of why cant you be as cheap, luckily the customer is now very aware as to why we are not so cheap.

    In fact were going to be more expensive now.

    -----------------------------------------------------------------------------

    /end Quote

    I like the idea of putting up our prices and justifing it by "Well we are not Farce Hosts"

    Thats made my day :)

    0 0
  20. Jan
    Thumb Down

    Almost midnight and still around position 50 in their queue!

    Just rang up and was at position 59 again... odd how it is always position 59 when you get through.... at 10 to midnight... Waited about 5 minutes to get to 53 so at this rate on a premium 0870 number I should get seen about 3AM in the morning after having run up a huge phone bill.

    What a, IMPO, Mickey Mouse operation. I would like to hear more about Ivor's Summons option compared to issuing a writ in the small claims court! This has cost me a great deal of time, hassle, money and stress today!

    0 0
  21. yeah, right.

    Sweet scam!

    Wow. All these people calling the premium number to get back into their accounts, and look - Farcehosts is doing it again! I guess their accountants figured they needed the end-of-year financial boost to make up for the drop in clients in the new year.

    I'd love to see how much their profits went up every time they cocked up, because it's starting to look like making mistakes is actually profitable for them!

    0 0
  22. Anonymous Coward
    Anonymous Coward

    sayno to 0870

    Not sure of the Fasthosts 0870 number but don't forget you can use www.saynoto0870.com . They have several fasthosts entries and list the numbers that these are forwarded to.

    0870 8883600 - 01452 541499 also 541250/251/252

    0870 8883400 - 01452 541253/254

    0 0
  23. Anonymous Coward
    Alert

    What An Absolute Joke....

    I've just received an email from Fasthots telling me that one of the many servers i have with them has not had it's admin password changed...

    This comes even after i emailed their support and sales people to tell them that we always change the password after a server is provided! This way they have no record of the password we are using...

    The email advises that they will change the password on the 19th... I'd like to see how!

    I've just sent yet another email to them to which i will get absolutley no reply whatsoever....

    0 0
  24. Andy Livingstone

    Pure coincidence

    The day after I told "Support" that I was likely to cancel my account two emails arrive confirming that payments have been taken from my card account.

    I am so relieved that their accounting system still runs smoothly.

    The timing of the charge is, of course, entirely coincidental.

    0 0
  25. Anonymous Coward
    Stop

    re: Almost midnight and still around position 50 in their queue!

    >>Just rang up and was at position 59 again... odd how it is always position 59 when you get through

    It's not odd at all - they'll have 2 PRI lines (ISDN30e) and there will be a couple of channels reserved from emergency calls.......

    0 0
  26. Mark
    IT Angle

    @Anonymous Coward

    You don't need to know a password to reset it, how long have you worked in IT???

    Secondly it wouldn't surprise me to find out they are still storing passwords in plain text so they can just look at the DB and read out your existing password if they wanted to anyway.

    0 0
  27. DC

    UUUUUUUUUUGHHHHHHHHHHHHHHHHHHHHHHHHHHHHH

    I HAVE BEEN HOLDING TO SPEAK TO CUSTOMER SERVICE SINCE 3.50 TODAY, I'M AT NUMBER 4 NOW

    0 0
  28. Anonymous Coward
    Anonymous Coward

    RE: Michael - Cheap at half the price....now you know why...

    <Michael quote>

    Think back to the "decision process" and the money you saved.

    "It's cheap boss"

    "But is it good?"

    "It's cheap boss"

    "Yes, but what about security and uptime and..."

    "It's cheap boss"

    </Michael quote>

    .. I think in reality it would more be a matter of IT guy getting quotes from good companies, and the boss saying:

    "Too expensive, get something cheaper".

    ...Cycle continues until you get something that satisfies the boss and depresses the IT staff, as you can bet they have to take the blame not the boss.

    0 0
  29. Steve Cole
    Happy

    Bye Bye Fasthosts

    I have just recovered my password via the website and taken the opportunity to transfer away 15 domains from them.

    Bye bye Fasthosts.

    0 0
  30. M Ayland

    Try a Fasthost Visit

    No being able to get any response from either email or telephone from Fasthosts I tried a visit to their Gloucester Offices. There the reception guardian was most rude and contemptuous When asked if he knew what a Customer was his response was that it was not his job to know. His manner was vindictively pleased that we had problems. I have since written to the Joylon Ryall who has the farcical title of Director of Customer experience to tell him where he can experience my account.

    This company cares absolutely nothing for its customers

    0 0
  31. Jan

    This is incredible

    I still have no way of contacting this company.

    I cannot get through on the telephone.

    I get my emails bounced back because I do not have a PIN which I can only access via my fasthosts account but I cannot access that because the stupid sods went and changed my password.

    I still have not received a letter, a text, an email - NOTHING - from them and hence my business, which relies on email, is now unable to send or receive any email.

    This is scandalous and I am going to sue this company to get my money back and to get compensation for my wasted time.

    I cannot even transfer my domain name away from them because I am unable to get through to them.

    0 0
  32. William Hunter

    Idiots

    I have over 100 domains within my fasthosts account. Some of which have 30 odd email addresses! I'm a lone web developer on a mission here to change and update every one of my customers email accounts. I also run joomla websites off of MYSQL servers, which they also reset, bringing the sites down to a halt.

    I mean what logic is there changing every single password for every one of their customers and expecting us to sit back and do nothing but accept it?

    There must be credit card numbers involved here somewhere, as this seems to be alot of hassle for passwords and ftp access.

    This recent farce could sink my company as I simply cannot afford to spare the time and effort waiting on the phone to get what I need.

    I have asked for a refund twice now and haven't had any reply!!

    What a bunch of monkeys!!!

    I pay these guys arounf £2000 per annum and what for? So they can watch me go down the tubes!

    MERRY F(&(£KIN CHRISTMAS TO YOU AS WELL FARCEHOSTS

    0 0
  33. Jan

    I think it is time we all started calling the Police & Credit Card companies

    This is the LUDICROUS email I get back from fasthosts automated support line.

    'Thank you for submitting your support request to Fasthosts. We will deal with it as quickly as possible. If your request relates to your control panel password we are pleased to be able to tell you that we have been able to turn on the password reminder facility for all Fasthosts accounts and that you can now have this password sent to you via the email address associated with your Fasthosts account. You can take advantage of this feature by visiting https://www.fasthosts.co.uk/login/forgotten-login/ We would like to thank you for your understanding and for your cooperation with us in completing the important task of updating your Fasthosts passwords. Kind regards, Customer ServicesFasthosts Internet Ltd.'

    In other words they will send you a password to your account email but as THEY have CHANGED the password you cannot access your account email to view the new password.

    Gee, this is so fundamental. Didn't they think this one through. What a complete cock-up!

    0 0
  34. Jan
    Thumb Down

    Paid Nominet

    Just had to pay £11.75 to Nominet to move my domain name away from Fasthosts so...

    That is £120 down the drain for an exchange box I took out with Fasthosts in the Sept/October.

    £11.75 to Nominet to move my domain name

    £60 to open a new exchange mailbox account with another ISP

    Plus all my calls to Fasthosts 0870 premium number

    The cost of my wasted and stressful time

    I personally think if anyone stays with Fasthosts, let alone opens a new account with them, that they are insane after this mess.

    0 0
  35. William Hunter

    Alternative Reseller Options?

    Can anyone recommend a reseller package that gives the same functions as fasthosts? Exchange Mailboxes are key to my business.

    0 0
  36. Webcrawler2050
    Alert

    We moved.. join the boat

    We moved to www.sar-hosting.co.uk and it would seem so have a lot of other people, they helped us alot, they rang up Fasthosts, waiting forus and transfered all of our data. It was a easy as 1-2-3

    http://forums.sar-hosting.co.uk/showthread.php?t=67

    http://forums.sar-hosting.co.uk/showthread.php?t=66

    They also have 24/7 live chat as well

    Perfect in my eyes.

    0 0
  37. Simon

    Arrrggghhhhh

    Seems that this issue is going to cost fasthosts plenty of cash.

    http://www.fasthostshell.co.uk

    0 0
  38. Anonymous Coward
    Alert

    FTP access problems

    Anyone still having FTP access problems?

    Ever since the forced password re-set I have been unable to access any of my FTP accounts (and one that is hosted with streamline.net). Fasthosts have said it must be at my end but nothing has changed at my end. I've explained to Fasthosts, more that once, that my FTP access has been working for quite a number of years with no problems until the forced password re-set but they keep telling me it must be at my end.

    I'm now losing the will to live!!!

    0 0
  39. Dr. E. Amweaver
    Paris Hilton

    Happy SLAppers

    Their press section praising the speed of response of their support team gave my a wry, simple chuckle.

    Having support mails answered promptly is good.

    Having them answered correctly by someone whose IQ points exceed that of a termite, a non-animated chipmunk or the current US President would be better.

    Having them answered by someone who actually knows more than you do about the relevant system, has the right experience to fix the problem, has the right access level and the time to do it promptly would be ideal.

    Now if they did THAT, that would be worth a press release.

    You may say I'm a dreamer... but I'm not the only one...

    0 0
  40. Anonymous Coward
    Alert

    RE: FTP Problems

    Could it be they are blocking FTP access so people cannot leave?

    0 0
This topic is closed for new posts.

Other stories you might like