Go to listing page

Domain Factory admits hacker accessed customer details in January data breach

Domain Factory admits hacker accessed customer details in January data breach
  • An unidentified person on Domain Factory's forums claimed responsibility for the attack.
  • Compromised data included customer names, account numbers and passwords, physical and email addresses, phone numbers, bank data and more.

German hosting provider Domain Factory has admitted it suffered a data breach after a person in their user forum claimed they managed to compromise the firm's systems and access customer data. The company pulled its forum and launched an investigation into the claims that were later found to be true.

Domain Factory said it was breached by an unauthorized third-party on January 28, 2018. Compromised data included customer names, account numbers and passwords, physical and email addresses, phone numbers, dates of birth, bank names and account numbers such as IBAN or BIC, and Schufa scores.

The company said a "data feed" was compromised in the data breach that was only discovered on July 3.

Heise reports that the hackers likely used a variant of the Dirty Cow vulnerability to access the company's systems. The forum user who claimed responsibility for the attack alleged that the company owed him money and therefore targeted its systems.

Domain Factory has since blocked access to the data feed, disabled suspicious systems and changed the access data of all employees. It is has also notified authorities of the breach and is working with an external security company to conduct a forensic investigation of its system environment. The firm said it is taking additional security measures to protect customer privacy.

"We [will] take appropriate measures to prevent a recurrence of such a problem," Domain Factory said.

Customers have been advised to change their account passwords and those of any other services for which they have used the same password. MySQL, SSH, FTP and Live disk passwords should also be changed "as a precautionary measure" given that customers' websites may likely be compromised due to the breach.

Cyware Publisher

Publisher

Cyware