14 DAY TRIAL // France-based web hosting company OVH has been hacked. As a result of the incident, customers are being advised to change their passwords.
“A few days ago, we discovered that the security of our internal network at our offices in Roubaix had been compromised. After internal investigations, it appeared that a hacker was able to obtain access to an email account of one of our system administrators,” OVH representatives stated.
“With this email access, they were able to gain access to the internal VPN of another employee. Then with this VPN access, they were able to compromise the access of one of the system administrators who handles the internal backoffice.”
The company believes the cybercriminals were after two things: their European customer database, and their installation server system in Canada.
The European customer database holds customer names, contact details, and encrypted passwords. Fortunately, the company doesn’t store any credit card information.
As far as the passwords are concerned, they’re encrypted with SHA-512 and they’re salted. However, as a precaution, OVH advises customers to change their passphrases.
“As for the server delivery system in Canada, the risk we have identified is that if the client had not withdrawn our SSH key from the server, the hacker could connect from your system and retrieve the password stored in the .p file. The SSH key is not usable from another server, only from our backoffice in Canada,” OVH noted.
“Therefore, where the client has not removed our SSH key and has not changed their root password, we immediately changed the password of the servers in the BHS DC to eliminate any risk there.”
OVH has filed a report with authorities. In addition, it has taken a series of measures to prevent future incidents, including resetting employee passwords, and setting up a new VPN in a secure PCI-DSS room.