DomainFactory, one of the largest web hosting companies in Germany and owned by GoDaddy, recently suffered a data breach that led to sensitive customer data being compromised.
The attacker admitted to the intrusion earlier this year and shared internal data of several customers as evidence on the company's support forum. However, DomainFactory believed that it was a rumor spread by the attacker to create confusion in the forum. Heise, a publishing house based in Hanover, Germany, viewed the now-deleted forum post in which the attacker claimed to have accessed the systems, and spread the news about the data breach.
The attacker, who claimed to hail from Austria, created a Twitter account, "@NaHabedere". A thread was created there in which customers asked the hacker about their data, as DomainFactory did not respond to their requests. All of this happened before DomainFactory disclosed the data breach.
The evidence was later analyzed, and it was confirmed that the attacker had indeed tapped customer data.
The attacker claimed to have attacked the hosting provider back in January this year to obtain the data of a person who allegedly owed him a seven-figure amount. He planned to use the breached data to extort the victim.
Later, the attacker reported to DomainFactory the potential vulnerability that had enabled him to break into its servers. It turns out that DomainFactory had misconfigured an error log, which simplified the attacker's task considerably. The attacker revealed that he took control of a single shared server that hosted the website of the DomainFactory customer who owed him money. From there, he intruded into the internal DomainFactory network. He claims to have retrieved the records of selected customers and that he wanted to use them as evidence to prove that he really had breached the host systems.
However, the hosting provider did not respond, and DomainFactory's refusal to communicate the news of the data breach to its customers compelled him to take the matter into his own hands: he posted a disgruntled note disclosing his hack.
In response, DomainFactory immediately took down its website, temporarily disabled its support forum, and initiated an investigation into the matter.
DomainFactory finally confirmed the breach, revealing that the personal data of an unspecified number of customers had been compromised, including:
That's a whole lot of information that cyber-criminals can misuse to launch social engineering attacks against the customers. However, the attacker probably could not gain access to customer accounts, as the passwords for the DomainFactory customer menu appear to be stored as hashes in the database.
DomainFactory advised its users to change their passwords for the following services and applications:
Users were also advised to change the password on any other online service where they use the same one, choosing a strong password that is difficult to crack. So far, no cases of identity theft or account hacking have been reported, but victims are still advised to monitor their bank statements for any unauthorized transactions.
Is the forum website still down? Will DomainFactory face the full extent of the new GDPR regulations? These are a few of the questions that we still need to look into.