On Saturday morning, eUKhost managing director John Strong told customers that an administrator-level login was compromised and an IP address added to an allow list, allowing a successful login. He assured customers that credit card information or payment details were not compromised.
By Monday, eUKhost moved its billing system to a new server and changed the encryption algorithm used for both staff members' logins and client data. It logged the breach with the Information Commissioner’s Office, the UK’s independent authority that upholds information rights in the public interest, and promised customers more updates in time.
Last week, UK hosting provider UK2.NET was hit by a DDoS attack, and customers were critical of its lack of communication around the incident. While a quick search on Twitter brings up a few unhappy eUKhost customers, eUKhost kept customers updated through its status page consistently, and provided more detail than UK2.NET provided its customers. Both security incidents illustrate the importance of web hosts being transparent and keeping customers updated about the investigation.
eUKhost reset the working passwords for shared hosting and VPS clients stored in the billing system, and dedicated server and cloud hosting clients were asked to change passwords as soon as possible. In its notice to customers, eUKhost reminded customers to use passwords that avoid dictionary words and include numeric and symbolic characters to ensure logins are secure.
According to a report by the Register on Monday, Pakistani hacking group UrduHack was behind the eUKhost billing system breach. Four weeks ago, the group uploaded a video of itself hacking eUKhost to its YouTube channel. The video was online at the time of writing this article, but was removed shortly before publication this morning.
Strong told the Register that the hackers had not covered their tracks by deleting logs, and gained entry via some outdated software that wasn’t shut down properly on the website.
It is unclear how many customers were affected by the breach, but according to the report, the hackers had only visited a few accounts.
Talk back: What is your communication strategy for relaying information to customers about security breaches? In your experience, what is the best communication tactic in these kinds of scenarios? Let us know in a comment.