cPanel Company Hacked over the Weekend, Customer Data Stolen

cPanel Company Hacked over the Weekend, Customer Data Stolen

cPanel Inc., the company selling the cPanel and WHM website hosting technologies, has announced a data breach of its customers database that took place over the weekend.

No, you don’t have to check your own cPanel accounts for a leak, that’s just the product that cPanel Inc. sells hosting providers to help them manage their business.

It’s the details of these companies (or individuals) that bought the cPanel and WHM products that’s been stolen.

Names, contacts, and passwords were stolen

cPanel Inc. says that names, contact information, and passwords were taken during the incindet. The company said that the password strings were encrypted and salted, so to their credit, they weren’t storing this data in cleartext.

“Although current passwords are stored salted and encrypted, we are accelerating our move to stronger password encryption at the same time in order to minimize disruption. In order to safeguard the system, we will force all users with older password encryption to change their passwords,” said Aaron Stone, Director of Internal Development at cPanel Inc.

The company announced its customers about the breach via a blog post, but also sent out emails to all of its clients.

Credit card information was stored on another server

A few days prior to the incident, the cPanel team also released a security fix for its products. The company says that the attackers did not exploit that issue to break in.

Mr. Stone said that the company’s dev team detected the breach in due time, and the attacker did not have the time to steal all the customer data. Because of this reason, the support team could not determine how many clients were affected by the incident.

cPanel did say that no credit card information was stolen because that type of information was saved on a separate system, which the attackers did not target.

#cpanel gets hacked, decides afterward that they should maybe just maybe, hash passwords vs encrypting https://t.co/8FSsJaV8cD Guessing md5? — Juan Treminio (@juantreminio) January 26, 2016
In case you missed it: Cpanel user databases breached https://t.co/jyF3UIoZTV — Frank Denis (@jedisct1) January 26, 2016

SOURCE