6000 Accounts Hacked

Filed under Industry | Posted by Gary

You may have seen mention of this on Digg. Layered Tech sent out an email to all customers about a possible security breach. They’re one of the larger hosting companies, and also one that I recommend, so I have an obvious interest in the story. I have 3 dedicated servers at LT. Unless you followed the link at Digg and read the email, though, it could be a little misleading. Like most ‘hacking’ stories, there was a lot of emphasis placed on the ‘hacked’ part and not much attention paid to the actual email that LT sent out.

The way I read it, Layered Tech detected unauthorised access to their support system. It’s unknown if the person actually retrieved any information, so, as a precaution, they are suggesting that all customers change their passwords. Now that’s really open to interpretation. If you take it at face value then it says ‘something bad may have happened but we’re not sure .. so let’s be on the safe side’. On the other hand, I’m not sure whether any hosting company would want to come right out and say ‘hey, someone got 6000 login details .. better change your password quick!’. Only time will tell I guess.

The implications are huge of course. Many communications in their support system would include the root passwords for dedicated servers. At the same time though, if your server is properly protected then there is only a minimal risk of compromise. By properly protected I mean that you have a firewall installed with rules in place that only allow SSH access from specific IPs (i.e. yours and LT support) and you have your SSH server listening on a port other than port 22. You should, of course, have all of your data backed up as well and never keep sensitive information such as credit card details anywhere on your server.
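
The "properly protected" setup described above can be checked mechanically. The following is an added example, not part of the original post: a Python audit of `sshd_config` text and IPv4 `iptables-save` output against an allowlist of source addresses. The addresses, port 2222 and function names are constructed for illustration, and only rules that name the SSH port with a single `--dport` are examined.

```python
import ipaddress
import shlex

def ssh_ports(sshd_config):
    """Ports sshd listens on; OpenSSH defaults to 22 when no Port line is set."""
    ports = []
    for line in sshd_config.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2 and fields[0].lower() == "port":
            ports.append(int(fields[1]))
    return ports or [22]

def audit(sshd_config, iptables_save, allowed):
    """List the ways a host departs from the setup the post describes."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    ports = {str(p) for p in ssh_ports(sshd_config)}
    findings = ["sshd listens on default port 22"] if "22" in ports else []
    policy_drop = False
    for line in iptables_save.splitlines():
        if line.startswith(":INPUT "):
            policy_drop = line.split()[1] == "DROP"
        if not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)
        opts = dict(zip(tok, tok[1:]))  # each flag -> the token after it
        if opts.get("-j") != "ACCEPT" or opts.get("--dport") not in ports:
            continue
        # A negated match ("! -s x") or a missing -s admits arbitrary sources.
        src = "0.0.0.0/0" if "!" in tok else opts.get("-s", "0.0.0.0/0")
        src = ipaddress.ip_network(src, strict=False)
        if not any(src.subnet_of(n) for n in nets):
            findings.append(f"port {opts['--dport']} accepted from {src}")
    if not policy_drop:  # assumption: only a default-DROP policy counts as closed
        findings.append("INPUT policy is not DROP")
    return findings

# Constructed sample data (documentation address ranges, made-up port 2222).
ALLOWED = ["203.0.113.10", "198.51.100.0/24"]  # your IP, provider support range
SSHD_GOOD = "Port 2222\n"
RULES_GOOD = """:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 2222 -j ACCEPT
-A INPUT -s 198.51.100.0/24 -p tcp -m tcp --dport 2222 -j ACCEPT"""
RULES_WEAK = """:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"""

if __name__ == "__main__":
    print(audit(SSHD_GOOD, RULES_GOOD, ALLOWED))  # hardened host
    print(audit("", RULES_WEAK, ALLOWED))         # default sshd, open firewall
```

An empty list means the host matches the description; each string in a non-empty list names one gap to close.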

People tend to jump on these incidents when they happen but the reality is that virtually any server can be compromised by an ‘elite’ hacker. By taking several precautionary measures though, you can prevent 99% of computer criminals from remotely compromising your server.
