LeaseWeb announced on its blog on Sunday that it was the victim of a DNS hijack attack on Saturday around 1 pm ET, which redirected visitors of Leaseweb.com to a non-LeaseWeb IP address.
In the blog post, LeaseWeb’s senior regulatory counsel Alex de Joode said that the DNS hijack was detected and mitigated promptly by its security department and only had “superficial effects.”
According to the investigation so far, no domains aside from leaseweb.com were accessed or changed, and no internal systems were compromised. LeaseWeb stores customer data separately from any publicly accessible servers, so it doesn’t look like any customer data was compromised.
As a result of the DNS hijack, emails sent to @leaseweb.com addresses between the start of the hijack and its mitigation were not received by the company, and domain name registration and server reinstallation via its self-service portal were disabled.
Some reports over the weekend suggested that the attack could be linked to the WHMCS vulnerability discovered last week, but LeaseWeb said that is not the case because it runs in-house developed software for its customer panel. It is still unclear how the hijack could have happened, de Joode said.
“Right now,” he said, “it appears that the hijackers obtained the domain administrator password and used that information to access the registrar. We will continue to investigate this incident thoroughly and take decisive action accordingly.”
LeaseWeb told customers that it will continue to review its security systems and protocols and adjust where necessary.