November 30, 2007 -- (WEB HOST INDUSTRY REVIEW) -- UK-based Web hosting provider Fasthosts Internet (fasthosts.co.uk) announced on Friday that it will be changing the passwords of some of its customers after its servers suffered an intrusion and account details were compromised.
Fasthosts says that a small number of its customers who did not change their passwords have had their FTP spaces compromised, an experience that is likely the fallout from a hack on its systems last month, says the company.
In an email sent to its customers, Fasthosts says it has implemented an automatic password change for every control panel, FTP or SQL password that was not previously reset, and in 10 days the company will also reset all unchanged email passwords, in an effort to protect customers from any further compromise.
The company is sending replacement passwords out via Royal Mail. However reports suggest that the sudden reset has caught some customers by surprise, with some claming that their websites have been inaccessible while they wait for their new passwords to arrive.
COMMENTS
I am totally shocked and annoyed that they have done this. I have been trying to log in to my account for 3 days and have important changes to make to my website. When I try phoning Fasthosts they are either engaged or their number is not recognised. This is very inconvenient and as soon as I can I will be removing my website and demanding my money back.
posted by: Tina Massey | November 30, 2007 02:22PM
Fasthosts took the decision yo reset all passwords without firstly consulting the "Small number of Client" this would effect. Many of the customer's businesses are built around the services provided by Fasthosts. Surely it would have been good business practise to inform clients prior to effectively closing down businesses for three or four days and effecting company reputations. Having spent the majority of the last two days trying to contact Fasthosts I suspect the phrase "Small number of it's customers" is a slight lie to say the least.
As a web development agency we have in the past spent a lot of money with Fasthosts - we will be looking for a better solution
posted by: Gareth Tannatt Nash | November 30, 2007 02:59PM
We were told in October that there was no need to change FTP passwords, as the security hole which Fasthosts was responsible for in the first place had been fixed.
Fasthosts entire shared FTP system 'broke' / 'was taken down' at 1pm and was not up again until about 10.00pm we received an email at 11.40pm with a list of 908 of out customer passwords to change.
The help desk number was engaged / not available. Support emails when they did come suggested this was a planned maintenance event.
This was no audit, this was not planned, something went wrong and Fasthosts panicked and had to fix it in a hurry.
Anyone who has company who lost money through their incompetence should take legal advice, check your contracts Fasthosts are in breach - again.
posted by: Jim Ancil | December 01, 2007 05:03AM
posted by: Cheeks | December 01, 2007 01:41PM
Apparently the small number of customers that didn't change there passwords is actually 73 per cent (me included). I'm livid!!My website is down and I cant do a thing about it until my letter arrives in the post!! If it ever does.
posted by: Cheeks | December 01, 2007 01:43PM
As another person who cannot access their site to upload new content I am absolutely furious.
Unfortunately I did not see their email asking me change my password (it was in my spam folder) I still don't understand why they reset the passwords before their customers received new ones by post. This has been an utter fiasco that cost me dearly and I will be looking for recompense.
I would strongly recommend to anyone considerig hosting with fasthosts that they think about how they have dealt with this situation before committing themselves.
posted by: Richard | December 01, 2007 01:52PM
Well royal mail has arrived Monday again without anything from Fasthosts, I cant get in touch by telephone, and I cant use 24/7 support as you need a password to access it, As they have changed their own passwords I only assume that they have changed every password across the hosting platform without previously notifying anyone.
There will be much fallout from this, especially as they knew about the issue back in October.
I have one database driven client website, completely down since friday and no way of fixing it. Having been a client with Fasthosts for 10 years, this is a wake up call as to how un-professional they have become.
I use 5 other host companies for differing clients, but this fiasco will make me consider continuing with Fasthosts
posted by: Philip | December 03, 2007 06:27AM
same issues as above but when I eventually got through they had changed my control panel username as well - my ftp still doesn't work even though I changed password here as well on saturday
In fact the same is true for all the sites I manage.
what a mess!
posted by: colin | December 04, 2007 02:47PM
In going to the expence of using Royal Mail to notify their customers of new passwords Fasthosts are publicly declaring a Vote of no confidence in the security of their own eMail Servers.
Further more by not notifying there customers of the security breach and sending out eMail's requesting a password change it has left hundreds of customers potentially at risk if their data has been stolen as the attacker will now be in possession of potentially hundereds of peoples details and their passwords to their computer systems.
posted by: Daniel | December 05, 2007 12:49PM
Received one letter togay from Fasthosts, don't know where there other half a dozen are. The new Control Panel Password... doesn't work!!
Got down to position 29 in the telephone queue after 2 weeks constantly ringing but gave up, it was 2am in the morning.
posted by: fastlostfaith | December 06, 2007 07:51AM
Nice of you to hang on a premium rate line giving them a free Christmas bonus!
posted by: Daniel | December 06, 2007 09:26AM
Fasthosts are simply telling lies, blanking enquiries, refusing to recognise the seriousness of the situation and hoping it will go away.
It will not.Anybody with any sense will cancel their accounts with Fasthosts and sell their shares with the holding company United Internet AG (Xetra). This is incompetence and irresponsibility on a grand scale.
posted by: Paul Fishlock | December 09, 2007 12:28PM
I have exactly the same problem as the other comments. There appears to be now way of contacting fasthosts and the new password that I received does not work. How do you change web hosting companies and retain e-mail addresses and domaoin names?
posted by: Denis | December 12, 2007 05:09AM
[POST COMMENT]
