DomainFactory Hacked !

Domainfactory, one of the largest web hosting companies in Germany owned by GoDaddy recently suffered data breach that led to sensitive customer data being compromised.

The attacker confessed about the infringement earlier this year and shared internal data of several customers as evidence at company’s support forum. However Domainfactory believed that it was a rumor spread by the attacker to create confusion in the forum. Heise- A publishing house based in Hanover, Germany viewed the forum post which is now deleted where the attacker claimed to have accessed the systems and spread the news about the data breach.

The attacker who alleged to hail from Austria created a Twitter account “@NaHabedere”. A thread was created there where customers asked the hacker about their data as DomainFactoy did not respond to their requests. This happened all before DomainFactory’s disclosure of the news about the data breach.

The evidences were later analyzed and it was confirmed that the attacker has indeed tapped customer data.

The attacker claimed to have attacked the hoster back in January this year to obtain the data of some person who allegedly owed him a seven – figure amount. He planned to use the breached data to extort the victim.

Later the attacker reported about the potential vulnerability to DomainFactory that enabled him to break into its servers. It turns out that DomainFactory misconfigured an error log, simplifying the attacker’s task considerably. The attacker revealed that he took control of a single shared server that hosted the website of the DomainFactory customer who owed him money. He then interrupted in the internal DomainFactory network from there. The culprit claims to have retrieved the record of selective customers and that he wanted to use it as an evidence to prove that he really had breached into the host systems.

However the hosting provider did not respond and the fact that Domainfactory refused to communicate the news of data breach to its customers compelled him to take the matter into his own hands who posted a disgruntled note to disclose his hack.

In response to this, Domainfactory immediately took down their website, disabled their support forum temporarily and initiated an investigation into the matter.

Compromised Data

DomainFactory finally confirmed the breach, revealing that an unspecified number of customer’s personal data had been compromised that included:

• Customer name
• Date of birth
• Resident address
• Telephone number
• Email Address
• Customer account ID
• DomainFactory Phone password
• Bank name and account number
• German credit score

That’s a whole lot of information that can be misused by cyber-criminals to launch social engineering attacks against the customers. However, attacker probably could not gain access to accounts of customers as the passwords for DomainFactory customer menu appears to be in hashes in the database.

DomainFactory Hacked – Outcome of the Attack

DomainFactory advised its users to change passwords for following services and applications:

• Customer password
• Phone password
• Email passwords
• FTP / Live disk passwords
• SSH passwords
• MySQL database passwords

Other online services where users use the same password were also recommended to be changed with a strong password that is difficult to crack. So far no casualties related to identity thefts or account hacking have been reported but victims are still recommended to monitor their bank statements for any unauthorized transactions.

Is the forum website still down? Will DomainFactory face the full extent of new GDPR regulations? These are the few questions that we still need to look into.

Hits: 157