Web biz DomainFactory confirms: We were hacked in January 2018

German hosting company DomainFactory has taken down its forums after someone posted messages alleging to have compromised the company's computers. Acknowledging the attack, the GoDaddy-owned (via Host Europe, acquired in 2016) company has advised customers to change their passwords and detailed the extent of the data breach …

  1. Nattrash

    Schufa?

    >>> “ the following categories of data: Customer name; Company name; Customer number; Address; E-mail addresses; Phone number; DomainFactory Phone password; Date of birth; Bank name and account number (eg IBAN or BIC); and Schufa score”

    Huh? Schufa score? As a standard entry?

    For people unfamiliar with German Schufa: it's a private credit-check company.

    Now, I'm pretty sure this is not a common question, or even data "average" Germans know the answer to, or for that matter, have access to. This kind of implies that the hosting company is pulling up all your financial details by default? For buying a TLD (e.g. an .de ≤ € 0.99*)? Maybe I'm an old, paranoid, asocial, "have nothing to share" fart but... WTF? Please tell me I'm wrong...

    1. Charlie Clark Silver badge

      Re: Schufa?

      Checking SCHUFA scores is routine in Germany. Note that it's one of the reasons why we get to pay by invoice rather than some kind of dodgy online payment provider.

  2. Dave_uk

    STOP storing personal/sensitive data in plain text

    This type of data should be encrypted in the db, then it is far more difficult for the hacks to get the raw data WHOLESALE.

    All too often it seems they hack the db and have all the data they need as it's stored in plain text.

    ENCRYPT personal/sensitive data and avoid this (or at least make it more difficult by encrypting it).

    1. GnuTzu

      Re: STOP storing personal/sensitive data in plain text

      I'm beginning to think this will be the way of the future, under the defense-in-depth paradigm.

      1. Anonymous Coward

        Re: STOP storing personal/sensitive data in plain text

        For security management looking to make headway on earning a "Get Out of Jail Free" card with auditors for when a breach occurs, "Encrypt Everything Everywhere" is the way of the now.

        It's not everything that needs to be done, of course, but it's a huge start.

    2. Charlie Clark Silver badge

      Re: STOP storing personal/sensitive data in plain text

      Inasmuch as the breach wasn't related to access to the database, I'm not sure how this would help. The problem was exposing the information via some kind of feed.

      Encryption is good but doesn't solve all the problems.
