To all clients affected,
At around 02:00 UTC on the 22nd of May, 2019, a perpetrator gained unauthorized access to an administrator account on our billing area; due to the failure to utilize 2FA on this specific account over the last month, and a third-party database breach which happened to include the hashed password of this account, since the password was being reused.
The perpetrator then used a single-sign-on feature to access an administrator account on our primary website hosting node (EU-WEB-01).
We fully understand the severity of such an incident and while we still investigate this incident, we can confirm that clients' full names, company names, and email addresses could've accessed by the perpetrator.
We can also confirm that the perpetrator exported all client databases on the website hosting node to their own machine.
However, under no circumstance was the perpetrator exposed to payment information, physical addresses, phone numbers, or service details/login information.
We will continue to provide updates for all affected clients and can assure that all the necessary steps have been taken to ensure such an incident cannot occur in the future.
If you have concerns or queries regarding this announcement, please contact us for more information via firstname.lastname@example.org.
Wednesday, May 22, 2019
Powered by WHMCompleteSolution