OVH European region recently hacked

Status
Not open for further replies.

Loonycgb2

Posting from mobile so please mind me..
http://status.ovh.net/?do=details&id=5070
 
13 comments
Yeah, got the email this morning. They actually had an SSH key installed on the server I just ordered last week that I have not touched yet.
They even changed the password for it.

 
Waiting for my email, it better come! Or I won't be happy to have found out on a forum rather than email.

Sad to see, I would love to hear more on the matter though.

Use them for some backup servers, cheap enough
 
Update

Findings
-------

After our internal investigation, we assume that the hacker exploited the access to achieve two objectives:
- Recover the database of our customers in Europe
- Gain access to the installation server system in Canada

The European customer database includes personal customer information such as: surname, first name, nic, address, city, country, telephone, fax and encrypted password.
The encryption password is "Salted" and based on SHA-512, to avoid brute-force attacks. It takes a lot of technical means to find the word password clearly. But it is possible. This is why we advise you to change the password for your user name. An email will be sent today to all our customers explaining these security measures and inviting them to change their password.
No credit card information is stored at OVH. Credit card information was not viewed or copied.

As for the server delivery system in Canada, the risk we have identified is that if the client had not withdrawn our SSH key from the server, the hacker could connect from your system and retrieve the password stored in the .p file. The SSH key is not usable from another server, only from our backoffice in Canada. Therefore, where the client has not removed our SSH key and has not changed their root password, we immediately changed the password of the servers in the BHS DC to eliminate a risk there. An email will be sent today with the new password. The SSH key will be systematically deleted at the end of the server delivery process in both Canada and Europe. If the client needs OVH for support, a new SSH key will need to be reinstalled.

Overall, in the coming months the back office will be under PCI-DSS which will allow us to ensure that the incident related to a specific hack on specific individuals will have no impact on our databases. In short, we were not paranoid enough so now we're switching to a higher level of paranoia. The aim is to guarantee and protect your data in the case of industrial espionage that would target people working at OVH.

We also filed a criminal complaint about this to the judicial authorities. In order not to disrupt the work of investigators, we will not give other details before the final conclusions.

Please accept our sincere apologies for this incident. Thank you for your understanding.

Regards,

Octave
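
A check for the situation the notice above describes, a provisioning key still sitting in root's authorized_keys: this added example (not from the thread or from OVH) lists every key whose fingerprint is not on an approved list. The sample file, key blobs, comments and the `unapproved_keys` helper are constructed for illustration.

```python
import base64
import hashlib

def split_fields(line):
    """Split on whitespace, but not inside double-quoted option values."""
    fields, cur, quoted, prev = [], "", False, ""
    for ch in line:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch.isspace() and not quoted:
            if cur:
                fields.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return fields + ([cur] if cur else [])

def fingerprint(blob_b64):
    """SHA256 fingerprint in the format `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unapproved_keys(text, approved):
    """Return (line_no, options, fingerprint, comment) for keys not in `approved`."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = split_fields(line.strip())
        if not fields or fields[0].startswith("#"):
            continue
        # An entry is either "type blob comment" or "options type blob comment".
        idx = 0 if fields[0].startswith(("ssh-", "ecdsa-sha2-", "sk-")) else 1
        try:
            fp = fingerprint(fields[idx + 1])
        except (IndexError, ValueError):
            fp = "UNPARSEABLE"  # malformed line: surface it rather than skip it
        if fp not in approved:
            findings.append((no, fields[0] if idx else "", fp, " ".join(fields[idx + 2:])))
    return findings

# Constructed sample: blobs are made-up bytes, not real keys; comments are hypothetical.
ADMIN = base64.b64encode(b"constructed admin key").decode()
INSTALLER = base64.b64encode(b"constructed installer key").decode()
SAMPLE = (
    "# root authorized_keys (constructed)\n"
    f"ssh-ed25519 {ADMIN} admin@laptop\n"
    f'from="192.0.2.10",command="/bin/echo hi there" ssh-rsa {INSTALLER} provider install key\n'
)

print(unapproved_keys(SAMPLE, {fingerprint(ADMIN)}))  # only the line-3 entry is reported
```

Run it against each account's authorized_keys with the fingerprints of the keys you installed yourself; anything it reports is a key to review and remove.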
 
:D database server was accessible from any server in the OVH network. No one has to worry the hacker won't get in your server. The hacker was actually just messing around and didn't realize it was OVH's server he accessed.
 