New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
GalaxyHostPlus Suspected Breach of Contact Details
On 11 March 2016 at 19:21, billing@darkcloudhosting.co.uk wrote:
Hello there! Hope you're doing well today! We would like to announce that Dark Cloud Hosting is going to open at an announced date this month and we hope to catch you inside our small family. If you have an inquiries about services that'll be offered from our part then contact [email protected] and we will respond within 6 hours! Best regards, Dark Cloud Hosting Marketing Team
Spam that arrived along with several hundred CC'ed addresses. A few people have had a back and forth about reporting them to various data protection agencies, and noted that several of the addresses have +galaxyhosplus gmail aliases.
GalaxyHostPlus have had a few offers on LET.
Comments
@GalaxyHostPlus
And frankly, I never heard of "Dark Cloud Hosting" before.
@DarkCloud
Joined today.
I've heard of GalaxyHostPlus but not of Dark Cloud Hosting are they in business together?
Not that I know.. I'm trying to ask GHP about it, but their support system cannot make connection with their database.
Can't find anything on google either (besides this thread).. Kinda worried.
Probably because this dark cloud lot are 'new'.
@Ishaq, maybe they're both one and the same person, just a new company/domain? You'd be in a better position to tell with signup info.
Either way, private data leaked. bad bad bad. Just putting it 'out there'.
Hello.
We are investigating this we have shutdown our database we will inform once we find out everything. I will keep everything updated on this thread.
Also if someone can forward this email to me at [email protected]
At this moment looks like only VPS Clients are affected from Virtualizor Panel so be aware
That defiantly is not a good coincidence..
i got too from
[email protected]
I received an email back from Dark Cloud Hosting, needless to say.. person who did this kinda has been suspended. It still makes me wonder if galaxyhostingplus & dark cloud hosting are affiliated.
Also, whois info is a bit weird on Dark Cloud Hosting:
Their entire website is new as well, most things don't work. I assume that's the "soon" all about in the email subject.
Virtualizor is shi*, and so is the security on it.
Why didn't you switch to SolusVM @GalaxyHostPlus?
Their recent email:
They were actually already migrating to SolusVM.. just one of the nodes is still in progress.
Lol now virtualizors fault. How he can be sure on this?
Hello.
We have confirmed only Virtualizor is affected by this.
Date of DB affect 13th January 2016 Detected by finding similar email reported from other client from mountrix same data was sent today seems it's the same person who owned mountrix.
Apologize for any damage this may done to our client's. As we have been informed only email are affected seems there is some query to get such details.
We have removed all migrated account from Virtualizor last pending for migration will be done manually based on MySQL data.
We recommend change password just in cause.
Kind Regards
Janusz C
Galaxy Digital Networks
Received an email from Galaxyhostplus, more or less verbatim of ^
And the dark cloud hosting site is down. Giving a 404. Galaxyhostingplus said that they have taken action against them.
We have asked CloudFlare to take it down however seems like one of our client help us with their hosting provider.
So unlucky this happened before we finished migration to SolusVM.
Anyone else have similar issue with Virtualizor or we are just unlucky one?
Update
Found person who got our email data. I will take actions against him now.
Dear Client's.
We have investigated about Data Breach.
We have good news only Emails address are affected from Virtualizor.
We can confirm all VPS Servers and data is 100% safe all client's details included private details are safe and are not affected at all.
Virtualizor Only store email addresses in this case it looks like sql injection were made which shown full list of Emails addresses.
But don't worry we are porting to SolusVM to new platform which is protected from such attacks. We have removed current imported clients from Virtualizor database.
VPS Panel is hosted on a separated dedicated server so there is no need to worry about your personal details included billing panel.
We are sorry that you have go throw all this we hope to continue business as normal. This should not affect any service.
Also, we want to thank to our client's who reported these emails to us. that help us to take fast actions and protect from bigger damage.
We have found the person who have taken our data and we have taken legal actions against him.
There always 1% with every provider this may happen included government websites we are doing our best to secure all client's data to the highest level.
This included our own backup server hosted at CEO Home to make sure all data is safe and only stored at safe place.
Apologize for little drama today Everything is safe and hope to you see you again at GalaxyHostPlus.
Kind Regards
Janusz Czeropski
Galaxy Digital Networks
Wait a minute now you was on 2.3.0? virtualizor has long past that version
my virtualizor panel says it is at: 2.8.3
the sql injection vulnerability was fixed in 2.3.1
https://blog.rack911.com/security-advisories/virtualizor-privilege-escalation/
I am not sure what happened but that should be impossible now if you have updated virtualizor to its latest version.
Name and shame so nobody ever buys from them?
Hello.
We were running latest version 2.8.3 which is now shutdown to pretend from more attacks like this. I have actually found the person who did included his full details.
I would love to name him (He actually hosted his domain with us before) however this also against the law to put shuch information online specially thiefs are protected by law these years...
So I presume @virtualizor knows about this vulnerability now? This all seems a bits strange
I have message them on Skype but no respond from them.
Name and shame
My drama antenna is tingling
Fuck, so Virtualizor is insecure? Crap, literally just set up multiple servers with it. Time to switch to SolusVM again
We are awaiting information from @GalaxyHostPlus as of now.
I am so suspicious of this... why would an attacker just steal email addresses and not go after the individual VPS's? Makes no sense.
We've looked into a handful of claims about Virtualizor being compromised and it always comes down to baseless facts or an admin/support staff being compromised...
I'm not going to say any software is 100% secure... but I feel very confident in saying Virtualizor is 99% secure and unless GalaxyHostPlus has any actual proof to offer then to me at least, it sounds like he's covering his own ass.
Just my two cents, Canadian, which is basically worth nothing in US dollars.
Dear members,
E-Mails were sent directly to Janusz address to discover together this breach.
However we've announced that we're aware of the staff member caused in this security breach and therefor been terminated and permanently restricted from reaching our official contact members and servers.
We will contact Virtualizor as soon as we can catch them to figure out their issues!
We regret again on such action and we're deeply sorry for the inconvenience caused!