New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
ChicagoVPS database leaked? ChicagoVPS customers - change your root passwords immediately!
Ok, this @NITEDREAM user just sent me a PM with only a URL and "ChicagoVPS DB DUMP" in it. Might be spam, so be warned. @Liam banhammer?
This discussion has been closed.
Comments
Can you please PM me that URL?
sent it to me as well, messaged Chris, Kevin and Luc about it.... might wanna blur the link @raymii
There might be some virus installer in that download.
Banned
Edit: Is this legit? If so is there a solus exploit?
Interesting. I don't think anyone knows if it's legit.
Nah it has a legit sql dump in it:
Yeah it is legit sql info and nothing more. How old the dump is? I do not know, I did however look at the timestamp on the last admin added and it is not too old:
TIME STAMP: 1351992904
DATE (M/D/Y @ h:m:s): 11 / 03 / 12 @ 8:35:04pm EST
It shows the sql file created Feb 8th, 2013 though.
That would be from the time their servers got compromised. Old news then
Cannot find a mediafire report link on the page... Hope this is not a SolusVM zero day :P
Looking through time stamps on the admin log entries, they all show around November of last year so I would say this sql file is from last year.
Interesting to know what has happened!
I got a mail "ChicagoVPS - Global Password Resets" today.
they expired all solus passwords as their "new security policies". without any info about this leakage.
I got this mail, too. At first I thought it was a scam... But better change my PW now.
Could be true because the pw to my account keeps getting "reset" by itself no matter how many times I've changed it, e.g. if I change my passwd today, it would be reset to some other passwd a couple of days later. This is scary as my suspicion has just been confirmed.
they expired all solus passwords as their "new security policies". without any info about this leakage.
I also got this today, consequence?
This is on Google's first page... Would this post be removed later?
Why should it be removed?
It's probably just you, since google displays personalized results.
@black ah.. so it's just the cached...
out of curiosity, to the ones who have the db, does it say how many nodes cvps has?
Since Chris always talks about how big the company is.
Their notification mail was sent on
Date: Thu, 28 Feb 2013 03:42:23 -0500
before Raymii posted here. But I could not find any legit reason to reset passwords today except this.
seems they were trying to hide it.
@cause "Trying to hide it" would be just doing nothing, pretending that nothing happened. Maybe they just learned about this leak today (got a pointer to the database or something).
Oh, so not a solus exploit. Not to worry then.
Got this just now
http://www.chicagovps.net/
Sales Email: [email protected]
Pingdom Report: http://stats.pingdom.com/jzrszp4wfu79
Facebook: http://www.facebook.com/chicagovps
Twitter: http://twitter.com/chicagovps
Depends if the db is full, was it a whmcs db or the solus db?
I suspect solus to what I've read so far. Bit on the weird side..
Yes, it's legit sql info, however it's taking a while to open so I'm not going to bother.
One of the oddest reasons to need an SSD in my laptop.
EDIT: @eastonch from what I can see in the first few lines, it's solus
You guise watch out. The mediafire link might contain a RAT or a virus bound with the file. So y'all be careful.
So how do they notice that customers are using "easy to guess" passwords? Aren't passwords supposed to be salted and hashed?
It also seems like the customers are being blamed for this breach. This is the part I don't understand.
That was my first thought too.