servaRICA Account Compromise
Yikes. From servaRICA this morning.
We are sad to inform you that we have identified unauthorized access to the list of our users IP addresses/domain and their initial passwords (the VPS or shared hosting password you get when you first signup with us or when you reinstall through our client area)
What was leaked is the following
1- IP address or hosting account name
2- encrypted VPS or hosting account password
3- VPS internal name
While the passwords in the list are encrypted, the encryption is 2 way and can be reversed which is why we are acting extremely fast to mitigate the security risk.
Since some of our users never change the default password that they get and many don’t use key authentication we decided to immediately change all our users root/Administrator passwords
We did go through all accounts through automated scripts and updated all VPS password that we could.
You can see your new password in your client area
If your password in the client area is still the initial password and you never changed it then please change it ASAP