WebHostingTalk (WHT) is down; full db released by hackers

[romes]

Is HD safe from hacker attempts? Would hate to see something that happened to WHT happen to HD

 

[ayksolutions]

Underhost,

Do you have the list that was posted on the net? If so, could you send it my way so I can go through it and see if any of our details or on there? We have not purchased anything for a very long time from WHT and I believe the card we used is already canceled either way, but never hurts to be on the safe side.

 

[ayksolutions]

I have not seen any type of apology from iNet yet on their status page. I suppose that will come later?

It is a huge PCI violation which can be very costly to iNet. I wouldn't be surprised to see them being sued over this, especially if there is any identity theft.

 

[Artashes]

I think that anyone that has information on points of distribution of database in full or in parts - they should immediately contact iNet about it. Even if its another member who says he knows where its being distributed - let them know about it so they can investigate all leads and block further distribution attempts. The information was stolen, so the last thing we want is help the attacker carry out its mission.

 

[ayksolutions]

How would you go about contacting them? According to their status page they will contact you if your data was compromised.

 

[ldcdc]

How would you go about contacting them?

WHT is owned by iNET Interactive: http://www.inetinteractive.com/about/contact/

According to their status page they will contact you if your data was compromised.

That's a different issue though. What Art was suggesting was that if you know of some site that distributing parts of their database, I'm sure iNET would appreciate letting them know.

 

[ayksolutions]

Dan, thanks for the clarifications. I'll follow up with them and see if any of our data has been compromised.

 

[UnderHost]

Are you saying that passwords are that easily readable?? I always was under the impression that an application like vBulletin would use good encryption code to protect passwords? :uhh:

Yes, as long the hacker have the salt files, this is really easy to found the password from hash.

And if he have the complete db, i suppose they also get the salt files.

 

[UnderHost]

Underhost,

Do you have the list that was posted on the net? If so, could you send it my way so I can go through it and see if any of our details or on there? We have not purchased anything for a very long time from WHT and I believe the card we used is already canceled either way, but never hurts to be on the safe side.

Hi, we have downloaded two table from rapidshare, but in this case i prefer don't share the content of these table.

You can give me your name and email, i will verify if your information are on then reply you via PM.

 

[UnderHost]

I think that anyone that has information on points of distribution of database in full or in parts - they should immediately contact iNet about it. Even if its another member who says he knows where its being distributed - let them know about it so they can investigate all leads and block further distribution attempts. The information was stolen, so the last thing we want is help the attacker carry out its mission.

We already, contacted INET in morning. they shutdown the site after my intervention.

 

[UnderHost]

Last Update:

UPDATE: 7:14pm est 04/07/09

From what we know now, there were more records on the database server where the credit card dump was taken. If research shows that a larger number of customer's data was compromised, we will contact those individuals directly.

 

[ayksolutions]

The passwords have been compromised. Numerous other hosts who used the same passwords on their servers as on WHT have been hacked. Be sure to retire the password that you used with WHT and never use it again.

 

[siforek]

Of course its great to have a more balanced media and competition is great for the industry, but its just not as easy as it seems.

You know WHT was doing something right when it took them getting hacked for other forums to compete.

Before this WHT was my top forum. I'm not saying I won't go back after this is all sorted out, but I don't think it'll ever be the same for me. They never had my credit card info, and PMs never included anything confidential, but I feel for those who did.

There are pros and cons to large and mid sized forums. I've had the pleasure of experiencing the pros of mid sized here at HD solely because of WHT getting hacked. I registered at HD the day before WHT went down, and I HAD to post/read somewhere :shaky:

Maybe it's fate.. God hacked WHT so I would be more active here. That's it! Unless anyone else has a better explanation

 

[csn-uk]

I personally prefer HD to WHT, and as do my staff. There is a better sense of community then that of WHT, and things seem to go a lot more smoothly to say the least. WHT will survive, there is no real doubt about it although their marketing side is going to be hit hard and I like others feel for those who have lost or had their data stolen in this.

We may see WHT use external sites to store the CC data in the future? PayPal, Google Checkout and the like as many of us do. Hopefully it will open the eyes of some users that using the same passwords across board is a bad idea although you’ll always have someone who thinks “password” is a good password :uhh:

 

[SenseiSteve]

They're back online this morning, but the same problem of New Posts still isn't functional.

 

[LaneHost]

Haven't jumped back on there yet, but did hear about them going back online through Twitter.

 

[SenseiSteve]

WHT is back up now, and it appears 75 percent of the posts have been recovered. Of my over 1000 posts since Dec 08, my current account displays 80+, but when searching for all my posts, it's at 709 dating back to Dec 1st, 2008.

 

[gearworx]

Unfortunately we're one of those unlucky users:

iNET Interactive, the owner of Web Hosting Talk, is sending this email to inform you that your credit card data was recently compromised. Your credit card ending in **** and with an expiration date of **** was exposed as a result of a data breach. This credit card information was stored in a billing system currently used for sticky post purchases on Web Hosting Talk, but in the past had also been used for banner advertising purchases and premium memberships. iNET Interactive became aware of the data breach on April 7th. However, we have evidence that the intrusion actually took place on March 21st.

We strongly recommend that you personally contact your credit card issuer and block this credit card number as well as carefully review your credit card statement to identify potential fraudulent transactions. Please note that most major credit cards will not hold cardholders liable for fraudulent purchases made using your payment card. Please reference your cardholder policy for specific details.

iNET Interactive and Web Hosting Talk deeply regret the compromise of your credit card information. We are responsible for maintaining security and privacy, and we take that responsibility very seriously. iNET Interactive has filed reports with the credit card companies, and we are working with outside parties on security audits and PCI compliance assessments. A criminal investigation is also underway.

Additional information about this data breach has been made available at www.Webhostingtalk.com. If you have questions about your specific situation, please contact iNET Interactive by e-mail at support@inetinteractive.com.

MOD NOTE: Quote edited. Sensitive information removed.

 

[IkY0294]

Some files to the script is gone, no one can register I've tried today because they have the 2007 data base and it said that there was no register page. Try to do it it says not found.

 

[LaneHost]

Unfortunately we're one of those unlucky users:


MOD NOTE: Quote edited. Sensitive information removed.

You weren't the only one that got that email... :rolleyes2