All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Blazingvps.com appears to have been hacked
EDIT: It has been confirmed that it was blazingvps.com and not blazingfast.io the source of the data dump, despite the paste saying otherwise. Apologies for the confusion, I simply posted the information I had at the moment so that people were quickly aware of the issue.
So, keeping it short: blazingfast.io appears to have been hacked.
About an hour ago I was notified that my email was publicly posted in a paste. I rushed to check it, and voila, "blazingfast.io database dump", with details for hundreds of customers, and salted passwords.
If you use blazingfast.io, I advise extreme care. I note, however, that I do NOT have an account with blazingfast.io so I do not know where did my data come from. I do, however, recall using a provider called blazingvps, so I wonder if that's where my data came from and the "hackers" typed in the wrong name. I recommend using "haveibeenpwned.com" to check whether your email is associated with known breaches.
The attack seems to have been SQL injection (partial queries visible in the dump).
That's all I know for now. I've emailed blazingfast.io, and if I get no report of any hacks, then I shall email blazingvps.com as well.
Care for everyone who uses their services.
Comments
Got the same email myself. Can confirm.
Why not to just give link.
http://pastebin.com/Y2gyFcQA
Lol.
same here
What email? mine not there.
Nope, no email and i'm not on that paste bin...
Name, email, address and IP.
All you need is Google it and you could find your future husband/wife.
Nice place?
https://www.google.com/maps/place/9912+Huntington+St,+Huntington+Beach,+CA+92648/@33.6975042,-117.9954321,186m/data=!3m1!1e3!4m2!3m1!1s0x80dd26bff0b3a33b:0xf10f667858ade9ef!5m1!1e1
m1!1e3!4m2!3m1!1s0x80dd26bff0b3a33b:0xf10f667858ade9ef!5m1!1e1
Who? Not me lol
Hello,
From where you got this information ? Can you post any proofs ? Those link on pastebin is not related to us, there is no any information leaked from our database
I can tell you no any of this email registered with us . Its even not our database structure.So please dont make panic over internet
Dat SQL injection.. I thought WHMCS was more secure than that.. Or was it a plugin?
This is the DB of blazingvps.com the emails seem to be registered at their service.
I tried one and it wasn't. How many did you try?
How can you confirm that?
I tried two but they are randomly taken from the provided paste.
I tested the emails at blazingvps.com/pwreset.php,
wrong emails don't work there.
Very first try
I tried resetting the password for someone on line 38 in the paste (vlk*******@gmail.com)
And it was registered with blazingvps.com
Proof:
Whereas a random email gives this:
So it does seem to be blazingvps.com....
So its confirmed not blazingfast.io ?
misleading info / title here
Yes. It's unlikely that the 3 random guys I tested of the ~ 200 users pasted (expected to have an account @blazingfastio) also have an account at blazingvps.
They are different companies.
So absolutely no (known) breach @blazingfastio!
is this more SEO for blazingfastio ? we had some premium SEO for them last week on here.
i do not found my account emails or personal details there.
So, i think it's fake, or very old dump.
Well the userIDs suggest it's the very start of the database.
My account isn't in the db dump..
I am indeed registered in both places.
Maybe since this is not the company is subject the thread title should be changed to avoid confusion and badmouthing the innocent provider?
I flagged it with that exact note.
I wonder how many people use fake info when signing up with VPS hosts...
I tried to flag it too. It shows SMTP error unfortunately : (.
It was not an intent to create any panic in regards to you, but as to warn people. As you might guess, I cannot verify whether the dumped database was yours or anyone else's: all I know is I got an email about how my information had been in a paste titled "blazingfast.io database dump", and the paste was indeed there.
But yes, as others have said, it appears to have been blazingvps and the "hackers" wrote in the wrong name in the paste.
I have edited the title and added a note to the post.