Results 1 to 25 of 198
Thread: WHT hacked DB for sale
-
07-08-2016, 06:13 PM #1Web Hosting Master
- Join Date
- Oct 2005
- Location
- Surrey BC
- Posts
- 1,343
WHT hacked DB for sale
+ NOW WE'RE MAKING RECORDS, NOW WE'RE MAKING TAPES
-
07-08-2016, 06:19 PM #2~~~~
- Join Date
- May 2008
- Posts
- 3,424
Well, this is... somewhat disturbing.
Uptime Monitor - Minimize your downtime by being the first to know about it!
Blacklist Monitor - Are any of your IPs or Domains blacklisted? Find out before it gets to affect you or your clients.
-
07-08-2016, 06:38 PM #3Marketing Maestro
- Join Date
- Dec 2007
- Location
- Isle of Man
- Posts
- 3,068
-
07-08-2016, 06:53 PM #4Web Hosting Master
- Join Date
- Oct 2003
- Posts
- 9,264
Very interesting. Needs an upvote or three, and maybe an official statement from Penton would be nice.
-
07-08-2016, 07:07 PM #5Web Hosting Master
- Join Date
- Oct 2005
- Location
- Surrey BC
- Posts
- 1,343
Luckily the email I used for this was specific to forum use only.
+ NOW WE'RE MAKING RECORDS, NOW WE'RE MAKING TAPES
-
07-08-2016, 07:08 PM #6Aspiring Evangelist
- Join Date
- Apr 2006
- Location
- Yorkshire UK
- Posts
- 417
Also on Softpedia reported over 8 hours ago
█ Inventive Hosting █ UK | USA |SG | NL|Trading Since 2004
█ Shared Web Hosting - CloudLinux - Daily and weekly Backups
█ Fully Managed KVM VPS Packages and Fully Managed Dedicated Servers
█ UK Based 24/7/365 Support - 30 Day Money Back Guarantee
-
07-08-2016, 08:02 PM #7
Not good at all. Yipes!
█ ProlimeHost - Dedicated Server Hosting & KVM SSD VPS
█ Three Datacenter Locations: Los Angeles, Denver & Singapore
█ SuperMicro Hardware | Multiple Bandwidth Providers | 24/7 On-site Engineers
-
07-08-2016, 08:04 PM #8Junior Guru
- Join Date
- Jan 2010
- Location
- South Carolina
- Posts
- 224
Disturbing...
░▒▓▒░ USHost247 - Shared , Reseller, & Domain Services ░▒▓▒░
░▒▓▒░ cPanel, Softaculous, White-Labeled Reseller & Off Site Backups ░▒▓▒░
-
07-08-2016, 08:14 PM #9Junior Guru
- Join Date
- Jan 2006
- Location
- Cincinnati, Ohio
- Posts
- 187
I wonder how long they have had access?
Joshua Combs
-
07-08-2016, 09:22 PM #10Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,178
Well... I don't think it should have to be said but... change your passwords.
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
07-08-2016, 09:57 PM #11Junior Guru
- Join Date
- Jan 2006
- Location
- Cincinnati, Ohio
- Posts
- 187
What if they still have access? I am going to wait to change this password, but have already done so on other places that I have replicated use of the same password.
Joshua Combs
-
07-08-2016, 11:39 PM #12WHT Addict
- Join Date
- Dec 2012
- Location
- New Zealand
- Posts
- 128
Would be good to have an official statement verifying whether or not this is legitimate (and if it is, a mass forced password reset)....
hostBB.io - WebHosting Community
-
07-08-2016, 11:42 PM #13Web Hosting Master
- Join Date
- Feb 2012
- Location
- New York, NY
- Posts
- 568
Disturbing would be the fact that Penton corporate has such lax security and apparently doesn't place a high priority on the security of the user information of the 1.7 million WHT/HotScripts/MacUser users whose data was breached since they don't even bother to apply software updates to their sites in a timely manner and are running versions of software that are known to have multiple vulnerabilities. Example: TheWHIR, the HotScripts blog, and the Mac-user forums blog, are all running WordPress 4.3.1 which has a ton of critical vulnerabilities (see: thewhir.com/readme.html). Based on their inability to apply updates to their WordPress installs, it wouldn't be surprising if they are also several patches behind in applying VBulletin updates.
-
07-09-2016, 01:44 AM #14Empowering your vision!
- Join Date
- Jan 2015
- Posts
- 1,340
Knowing that most people re-use their passwords, this is indeed problematic for many. Even more disturbing is to find this out from external sources rather than WHT themselves.
With that said, change your passwords to one you won't re-use anywhere else. Make that a habit, not an exception.█ MightWeb - Web Hosting, Reseller Hosting, Virtual Servers & Dedicated Servers.
█ KVM VPS's - RAID 10 Pure SSD - Windows & Linux - Managed services available
█ Reseller Hosting with WHMCS | Pure SSD | Premium Network | SpamExperts
█ DDoS Protection, R1Soft Hourly Backups, LiteSpeed, 30 Day Money-Back Guarantee
-
07-09-2016, 01:57 AM #15WS Developer
- Join Date
- Nov 2003
- Location
- USA
- Posts
- 877
No answer from Penton?
-
07-09-2016, 02:52 AM #16
I'm curious to see if this is even real, or if this is recent.
Honestly, I'm not surprised at Penton's silence. Don't take that as them being fishy though, or not doing anything. Proper investigation must be launched, and this isn't something you want to speculate on.
Give it time, I'm sure Mat is on it and someone from Penton will get in here and respond when they know what's what.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
07-09-2016, 06:05 AM #17Junior Guru Wannabe
- Join Date
- Jun 2007
- Location
- Estonia
- Posts
- 70
Bad things happened before, happened now and will happen in future. Just curious when it actually happened.
EstNOC - providing hosting services since 2009!
Dedicated server and VPS hosting in Estonia, Finland, Sweden, Norway, Russia, Poland, Germany, Netherlands, Czech Republic, Romania, Hungary, Italy, Spain, Switzerland, Japan and Philippines.
-
07-09-2016, 06:13 AM #18Junior Guru Wannabe
- Join Date
- May 2013
- Location
- Dhaka
- Posts
- 43
waiting to see a response from penton!!
☆☆ Soft Domain Host☆☆
►►Software, Domain and Hosting Server Provider◄◄
►►VPS, Dedicated Server [Locations: USA, Asia]. ERP, E-commerce & Custom Software Developer◄◄
-
07-09-2016, 06:17 AM #19Web Hosting Master
- Join Date
- Feb 2012
- Location
- New York, NY
- Posts
- 568
I'm sure Penton is waiting for their lawyers' approval before issuing a statement so any statement will probably be made after the weekend.
I question however whether anyone from Penton is "on it" given the fact that their company security is extremely lax and any breach of user information is entirely their fault for not keeping their systems updated. All 3 of the (allegedly) hacked sites are running outdated WordPress installs that contain vulnerabilities. Plus, WHT is running an outdated version of VBulletin 4. The Penton corporate site is the biggest offender and is running WordPress 3.91 (yes, 3.91 which was released in May 2014) which contains a known 0day exploit and numerous XSS vulnerabilities. There is absolutely no excuse for not applying security patches in a timely manner. This wouldn't be the first data breach Penton has suffered due to lax security (in 2009 a data breach occurred when a Penton employee lost a laptop containing customer credit card data https://www.oag.state.md.us/idtheft/...ITU-168274.pdf ).
TLDR; It's ironic that a company like Penton whose research division conducts IT industry security surveys can't even keep its own systems up to date.
-
07-09-2016, 08:23 AM #20Aspiring Evangelist
- Join Date
- Feb 2002
- Location
- Indiana
- Posts
- 422
Sad that an official email or thread posted by one of the admins here. You don't need a lawyer to post a message to tell everyone to change their passwords.
Just another company worried more about protecting their own butt then worrying about it's users. Which obviously they don't care as they are still using MD5 hashing which in today's cracking abilities should just go ahead and not hash it at all.
Shame on you WHT.
-
07-09-2016, 09:01 AM #21Junior Guru Wannabe
- Join Date
- Oct 2015
- Posts
- 64
Nothing much can be expected..They should the first to inform or at least mail people that account is hacked.
-
07-09-2016, 09:33 AM #22
Incidents like this can happen. I would expect an official announcement stating that the matter is under investigation and that all should change their passwords immediately. Not having a statement is unexpected and surprising.
█||||[ MechanicWeb.com - Shared Hosting | Reseller Hosting | KVM VPS | Dedicated Server ]
█||||[ NVMe SSD | cPanel | DirectAdmin | LiteSpeed | CloudLinux | MailChannels | Since 2008 ]
-
07-09-2016, 09:47 AM #23Disabled
- Join Date
- Mar 2008
- Posts
- 56
Is it even under investigation though?
An email to at-least let people know there is a possibility that a hacked DB is for sale would be nice... even if it is a false alarm.
-
07-09-2016, 10:04 AM #24Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,178
Last time WHT was hacked I don't remember notifications/emails/etc... I know WHT is owned by Penton now - but I wouldn't expect the behavior to change.
Honestly I'd be very surprised if I heard about this anywhere else but here. I almost expected this thread to disappear.
I guess it's good that the attackers only snagged a copy of the database rather than defacing it / destroying it / damaging the data - or maybe they tried and failed. I know last time WHT was hacked I lost something like 1,500 posts.█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
07-09-2016, 10:25 AM #25Web Hosting Evangelist
- Join Date
- Apr 2013
- Location
- Data center
- Posts
- 541
Similar Threads
-
Very interested on the status of WHT hacked db restore, Any one else?
By Manageandsupport_com in forum WHT Announcements, Feedback and QuestionsReplies: 16Last Post: 04-06-2009, 07:23 PM -
US and Canada Telephone Area Code DB for sale!
By Douglas in forum Other Offers & RequestsReplies: 2Last Post: 06-09-2006, 02:27 PM -
site + large DB for sale with some traffic + others
By DNGeeks in forum Other Offers & RequestsReplies: 7Last Post: 10-15-2004, 10:29 AM -
30+ Domains for sale - Discounts for WHT users
By deepensky90 in forum Other Offers & RequestsReplies: 9Last Post: 05-26-2003, 08:17 PM