Hacker breaks into ThrustVPS, launches phishing attack from firm's own servers Virtual private server firm ThrustVPS has taken the unusual step of admitting it had suffered a phishing attack. Rather than taking the time-honoured solution of just pretending nothing had happened and correcting the issue on the sly, the VPS provider sent an email to customers 'fessing up to the attack. "The phishing attack …
I think you're giving ThrustVPS rather too much credit for owning up to this. A number of past customers - including myself - got phishing e-mails demanding our credit card details and PayPal passwords that didn't just look like official e-mails from ThrustVPS but were actually sent from the same ThrustVPS e-mail server as their genuine e-mails. All the headers were literally identical to the genuine article. They could hardly not own up because this information was all over the relevant forums by the time they did and it was obvious they were thoroughly compromised (or scammers themselves).
I am (as of this incident) a former ThrustVPS customer. People are indeed giving ThrustVPS too much credit, and you shouldn't believe their lies. They claim the hackers didn't have time to copy the customer database. Then how come several users report (on social media) that they have had their VPS's taken over due to this breach?
Well, this happened to me too. I wake up to an automated e-mail from ThrustVPS that someone had logged into the control panel in the middle of the night (such an e-mail is sent out every time someone logs into the control panel). I also notice that the RSA key for my VPS has changed. I log in the the ThrusVPS control panel to check what's up. From the logs I see that someone has logged in and reinstalled the OS, wiping all my data. I contact ThrustVPS and they tell me that reinstalling the OS is irreversible and all my data is lost.
ThrustVPS offers me some small compensation, but I ask them to refund me for my last payment and cancel my services instead. They agree to refund me, but only the part not already used. I thought the least they could do was refund me the whole thing... but I just want to move on, so I don't fight it.
While waiting for the refund to take place, I noticed several other IP's logging into the control panel of my VPS and playing around with rebooting and reinstalling the OS. Either the customer data is published somewhere or the same hacker is masking his IP to login several times to play around. Either way it certainly looks like the customer data *was* indeed breaches.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
