Results 101 to 125 of 198
Thread: WHT hacked DB for sale
-
07-11-2016, 02:45 PM #101Web Hosting Guru
- Join Date
- Feb 2013
- Posts
- 283
SO WHY ISN'T THIS THREAD FLAGGED AS FEATURED?
It only has impact / interest with every user on this site? Far less newsworthy and less active threads end up featured.
Are moderators hands being tied by Lord Penton? Show spine mods, do the right thing.
-
07-11-2016, 02:55 PM #102Marketing Maestro
- Join Date
- Dec 2007
- Location
- Isle of Man
- Posts
- 3,068
Certainly very strange that nothing *appears* to be happening, but I'm sure there is something in the background taking place.
Communication is key and communicating this issue to members would make complete sense at the moment. If this was any other company holding personal information, the lapse of time would just be unacceptable. Even if the data might not be legitimate (but appears that it is), then a simple precaution to suggest passwords being changed would be very sensible.
-
07-11-2016, 03:11 PM #103Junior Guru Wannabe
- Join Date
- Mar 2012
- Posts
- 30
Communication
At the very least, I would have expected an official "We are investigating this issue and will update everyone once we know more".
The fact that the owners couldn't be bothered to do that much says a lot.....ATM Web Design Inc.
Providing Reliable Web Development and Hosting since 2002 - Visit http://www.atmwebdesign.ca for packages and pricing.
-
07-11-2016, 03:15 PM #104Web Hosting Master
- Join Date
- Mar 2009
- Location
- Miami, Florida
- Posts
- 20,777
-
07-11-2016, 03:15 PM #105
No , you're far from the first
Wrong. Nobody's trying to 'cover it up'.
You clearly have no clue how the corporate world works. You do not get someone out of bed, or 'ruin weekends' for something as trivial as this. Yes, this is trivial, in the grander scheme of things.
Yes, I get it, the social media aspect of things has taught you to demand instant gratification, but that's not how reality works.
Have they ignored the issue? You can bet they haven't. They'll get a response when it is appropriate. Don't like it?? The door's over there, feel free to use it.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
07-11-2016, 03:17 PM #106Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
07-11-2016, 03:33 PM #107Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,178
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
07-11-2016, 03:36 PM #108Web Hosting Guru
- Join Date
- May 2009
- Posts
- 312
-
07-11-2016, 03:40 PM #109Junior Guru
- Join Date
- Aug 2015
- Posts
- 182
2FA will be a nice addition
-
07-11-2016, 03:41 PM #110Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
07-11-2016, 03:43 PM #111Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,178
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
07-11-2016, 03:45 PM #112Best Customer Service..ALWAYS!
- Join Date
- Feb 2007
- Location
- Isle Of Anglesey, UK
- Posts
- 1,468
-
07-11-2016, 04:02 PM #113Web Hosting Guru
- Join Date
- Feb 2013
- Posts
- 283
A. You have skewed view of how things are or just are apathetic.
B. This happened on Friday. So slack started then. Friday still is a workday in the Americas.
C. Legal council is 24/7 for screw ups at Pentons size.
D. PR is in house on salary and they jump when told to, even if 3 AM on a Sunday Christmas.
E. There is nothing trivial about details of millions of accounts getting public displayed. There is legal liability, can be civil implications, criminal if intentionally negligent, most States can assess fines and require disclosures potentially. It's nothing to go minifying.
F. Logical thing to do was to reset passwords upon notification of this potential. Working on 4 days of letting the bad guys have at things. Open season on their valued account holders.
--- Do you treat your customers/partners/audience like that?
I have experience in public relations field representing clients who do moronic things like this at major level. Been involved in $xxx million matters on acquisitions as well as lawsuits.
What Penton is doing is covering their asses. Told everyone including mods to shut their mouthes and no mention of it. Goes something like this:
"... statements potentially could expose Penton to serious financial and legal risks..."
I've emailed Penton corporate asking them to come out of their spider hole and clean up the mess.
We don't need a security firm report later as the peace offering to tell use that their software here was old, not updated, full of exploits, we already know that. We know the perps didn't do it from their network connected refrigerator on their home IP either. Fruitless theater meant for show and never yields anything of value.
Risk and liability gets minimized by pushing the magic PASSWORD RESET in the administrative area for all accounts. Not for me, for all those millions that have no freaking clue what has happened and now are about to get phished on and ID robbed potentially. Someone, anyone, do the right thing and push the password reset button.
-
07-11-2016, 04:32 PM #114Web Hosting Master
- Join Date
- Dec 2011
- Posts
- 1,460
"I've seen spam you people wouldn't believe. Routers on fire off the OCs of AGIS. I watched MXes burning in the dark near the Cyberpromo Gateway. All those moments will be lost in time, like tears in rain. TTL=0."
-
07-11-2016, 04:32 PM #115
Actually, this happened much earlier than Friday. However, first notification of this?
07-08-16, 16:13
That's past business hours. I'm sorry you don't get that, but that is what it is.
Bzz, wrong answer. Legal is not going to get called in for this on the weekend. Again, this is a corporate mentality, not your own specific site.
Again , wrong answer. This is trivial, it's minimal. Them not responding to you immediately is not going to solve a thing.
Until they identify how the breach took place, find, and fix the hole, them responding is pointless.. THAT, you can bet, started the instant that this was posted. Mat knows his stuff and will take care of things. he always has.
It's funny , so many armchair quarterbacks here , what with their pitchforks and nooses, ready to lynch corporations, without a shred of respect for the real world out there. Things like this take time. Investigation takes time, responses to incidents like this are not going to come over the weekend, or over night, no matter how much you want to feel warm and fuzzy. Again, if you can't deal with it, then the door's over there... I suggest you use it.Tom Whiting, WHMCS Guru extraordinaire
Linux problems? WHMCS Problems? Give me a shout
Check out my WHMCS Addons
-
07-11-2016, 04:50 PM #116Caffeine addict
- Join Date
- Mar 2010
- Location
- CMYK-Land
- Posts
- 1,400
Its amazing how much of double standard and rules people applied in this topic. If there was same situation but with a host who stay silent for 4 days most of the members who right now have patience and understanding would be livid over that host. Not to mention accusations followed by "change the host", "irresponsible host", "host is a joke", "time to leave"... Well how about to apply same rules here. So are you guys leaving WHT?
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
Pretty soon we can expect hosting companies offering "double unlimited"
or "not limited unlimited with no limits".
-
07-11-2016, 04:56 PM #117Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,178
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
07-11-2016, 05:12 PM #118Empowering your vision!
- Join Date
- Jan 2015
- Posts
- 1,340
You have no idea what they did or did not do that Friday.
C. Legal council is 24/7 for screw ups at Pentons size.
D. PR is in house on salary and they jump when told to, even if 3 AM on a Sunday Christmas.
E. There is nothing trivial about details of millions of accounts getting public displayed. There is legal liability, can be civil implications, criminal if intentionally negligent, most States can assess fines and require disclosures potentially. It's nothing to go minifying.
F. Logical thing to do was to reset passwords upon notification of this potential. Working on 4 days of letting the bad guys have at things. Open season on their valued account holders.
I have experience in public relations field representing clients who do moronic things like this at major level. Been involved in $xxx million matters on acquisitions as well as lawsuits.
What Penton is doing is covering their asses. Told everyone including mods to shut their mouthes and no mention of it. Goes something like this:
"... statements potentially could expose Penton to serious financial and legal risks..."
I've emailed Penton corporate asking them to come out of their spider hole and clean up the mess.
Risk and liability gets minimized by pushing the magic PASSWORD RESET in the administrative area for all accounts. Not for me, for all those millions that have no freaking clue what has happened and now are about to get phished on and ID robbed potentially. Someone, anyone, do the right thing and push the password reset button.█ MightWeb - Web Hosting, Reseller Hosting, Virtual Servers & Dedicated Servers.
█ KVM VPS's - RAID 10 Pure SSD - Windows & Linux - Managed services available
█ Reseller Hosting with WHMCS | Pure SSD | Premium Network | SpamExperts
█ DDoS Protection, R1Soft Hourly Backups, LiteSpeed, 30 Day Money-Back Guarantee
-
07-11-2016, 05:32 PM #119Web Hosting Master
- Join Date
- Feb 2012
- Location
- New York, NY
- Posts
- 568
I question whether "the university of life" and low level non-managerial support positions qualifies someone to tell others "how the corporate world works".
Data breaches are never "trivial" to any company because they bring with them a huge amount of potential legal liability. The databases of at least five Penton sites were hacked (and are available online), and the hacker has claimed in a couple of reports that their hack of Penton was far more extensive then just those five sites so I don't really think this hack can be called "trivial".
If you truly think that this breach is trivial then you are obviously completely oblivious to the data breach notification laws of the 47 states that have enacted notification laws. Perhaps you should familiarize yourself with them if you consider this leak to be trivial, and specifically you should review the notification statutes of the states that have broader definitions of "personal information". Using Florida's statute as an example, "a user name or e-mail address, in combination with a password or security question and answer that would permit access to an online account. " is all that it takes for a breach to be considered non-"trivial" and trigger the notification requirements. California also has a broader definition of personal information and all it takes for a breach to become non-"trivial" is "a username or email address, in combination with a password or security question and answer that would permit access to an online account"
Originally Posted by whmcsguru
Originally Posted by elrooted
It is understandable if a company waits xx days to issue an official statement about a data breach (and the law, depending on state does give them xx days to do it) because they need to make sure their response conforms to the various notification laws, but it is not understandable if they don't take steps to limit the damage by doing something as simple as a mandatory password reset for everyone whose info is in those databases.
Originally Posted by MightWeb-Marcus
-
07-11-2016, 05:47 PM #120Caffeine addict
- Join Date
- Mar 2010
- Location
- CMYK-Land
- Posts
- 1,400
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
Pretty soon we can expect hosting companies offering "double unlimited"
or "not limited unlimited with no limits".
-
07-11-2016, 05:59 PM #121Web Hosting Master
- Join Date
- Dec 2011
- Posts
- 1,460
You keep repeating this and I keep mumbling to myself the question "What planet do you live on?"
An information services company has had a significant chunk, possibly all of its assets stolen?
It doesn't get any less trivial than that?
If that doesn't warrant an All Hands On Deck response I don't know what does..."I've seen spam you people wouldn't believe. Routers on fire off the OCs of AGIS. I watched MXes burning in the dark near the Cyberpromo Gateway. All those moments will be lost in time, like tears in rain. TTL=0."
-
07-11-2016, 06:20 PM #122Web Hosting Evangelist
- Join Date
- Jul 2004
- Location
- Pittsburgh PA
- Posts
- 469
We are coming up on the end of the business day and not a word from them yet. At the minimum the system admin should have plugged the holes, forced changed passwords site wide and said "Yes we know about the issue".
At this point they are starting to look bad. Now the fact that they posted some news on their main company site today (not related to the hacking mind you) tells me someone should be in the office to handle the issue. They still have an old version of Wordpress running, I do see this forum is running the latest Patch Level version of vBulletin (that's a plus). Security is a must and with a site like this always being a target they need to step up their game in that department.▉▊ HostKoi Web Services LLC - Optimized Web Hosting, Reseller, VPS and Dedicated Servers.
▉▊ Services World Wide: US, UK, Europe & Asia
▊▉ True 24x7 Support
-
07-11-2016, 06:29 PM #123Web Hosting Industry Expert
- Join Date
- Dec 2007
- Location
- Indiana, USA
- Posts
- 19,178
█ Michael Denney - MDDHosting.com - Proudly hosting more than 37,800 websites since 2007.
█ Ultra-Fast Cloud Shared and Pay-By-Use Reseller Hosting Powered by LiteSpeed!
█ cPanel • Free SSL • 100% Uptime SLA • 24/7 Support
█ Class-leading support that responds in minutes, not days.
-
07-11-2016, 06:37 PM #124Web Hosting Evangelist
- Join Date
- Jul 2004
- Location
- Pittsburgh PA
- Posts
- 469
Looks like the leak happen on 2016-07-04
https://www.leakedsource.com/▉▊ HostKoi Web Services LLC - Optimized Web Hosting, Reseller, VPS and Dedicated Servers.
▉▊ Services World Wide: US, UK, Europe & Asia
▊▉ True 24x7 Support
-
07-11-2016, 07:20 PM #125█ ProlimeHost - Dedicated Server Hosting & KVM SSD VPS
█ Three Datacenter Locations: Los Angeles, Denver & Singapore
█ SuperMicro Hardware | Multiple Bandwidth Providers | 24/7 On-site Engineers
Similar Threads
-
Very interested on the status of WHT hacked db restore, Any one else?
By Manageandsupport_com in forum WHT Announcements, Feedback and QuestionsReplies: 16Last Post: 04-06-2009, 07:23 PM -
US and Canada Telephone Area Code DB for sale!
By Douglas in forum Other Offers & RequestsReplies: 2Last Post: 06-09-2006, 02:27 PM -
site + large DB for sale with some traffic + others
By DNGeeks in forum Other Offers & RequestsReplies: 7Last Post: 10-15-2004, 10:29 AM -
30+ Domains for sale - Discounts for WHT users
By deepensky90 in forum Other Offers & RequestsReplies: 9Last Post: 05-26-2003, 08:17 PM