By Liam Eagle, theWHIR.com
October 17, 2008 — (WEB HOST INDUSTRY REVIEW) — Dedicated and managed hosting provider The Planet (www.theplanet.com) issued a notice to customers Thursday, informing them of a security breach the company had detected, and recommending certain steps customers could take to protect their accounts from further compromise.
“In the course of the last two days, our Computer Security Incident Response Center team has identified suspicious activity in our customer management portal,” said the email sent to customers. “We have identified what appears to be a security breach that may have affected your customer portal account and server passwords. We have identified the methods by which the systems were compromised and have closed those holes. In addition to those actions, we will be implementing additional security measures to further strengthen the infrastructure and systems.”
In a phone interview with the WHIR Friday, The Planet’s vice president of technology Will Charnock said the breach is believed to be the result of a compromised employee account – something the company has never encountered in the past. According to the security investigation up to this point, only two user accounts were definitely affected, and no credit card information is believed to have been compromised.
The company says it moved quickly to repair the breach and contacted all of its approximately 25,000 customers to advise them to take a few “best practices” type precautions in the interest of remaining as secure as possible: changing logins and passwords for Orbit (The Planet’s customer portal) immediately, and every 60 days following; doing the same with server passwords; being alert to suspicious activity on accounts; and retaining access logs and contacting the company if suspicious activity is suspected.
Charnock says The Planet is looking for ways to further secure its systems, and is looking at the incident, and the message to customers, as an opportunity to encourage more careful security practices among customers.
According to the announcement, the company is also working with authorities to “identify the perpetrator and pursue appropriate legal action.”
Interestingly, The Planet chose to address the breach publicly, by notifying all its customers, when there might have been at least some temptation to fix the few identified damages and sweep the incident under the rug.
Charnock says The Planet’s policy is to pursue transparency in dealing with any incident. Even when customers are not affected directly by the issue, and especially when they are, he says, direct communication from the company eases users minds because they don’t feel any concern that there’s more to the issue than they’re hearing.
In a thread posted yesterday to the often critical WebHosting Talk forums, user response to the incident, and the company’s response, seems to range from indifferent to appreciative.
According to Charnock, the breach was a non-issue for the vast majority of customers.
About theWHIR.com
Since 2000, The Web Host Industry Review has made a name for itself as the foremost authority of the Web hosting industry providing reliable, insightful and comprehensive news, interviews and resources to the hosting community. TheWHIR is an iNET Interactive property. For more information on iNET Interactive, visit http://www.inetinteractive.com
No related posts.
