On November 15th BIPS was the target of a massive DDoS attack, which is now believed to have been the initial preparation for a subsequent attack on November 17th that overloaded our managed switches and disconnected the iSCSI connection to the SAN on BIPS servers.
Regrettably, despite several layers of protection, the attack caused vulnerability to the system, which has then enabled the attacker/s to gain access and compromise several wallets.
At this point all wallet functions have been disabled in order to conduct a full investigation and audit. BIPS will be contacting compromised wallet owners individually.
BIPS will also be contacting merchants who have not enabled automatic conversion of bitcoin.
Merchant processing functionality and buy/sell has been re-enabled.
It's interesting that they had not properly segregated the iSCSI traffic from the network traffic. I wonder how they gained access from this though, possibly due to the loss in connection, the cluster rebooted and they were able to gain access to the servers while they rebooted.