KDMS Team is the hacker group behind the attack on the web hosting firm

Oct 7, 2013 06:37 GMT

KDMS Team claims to have hacked LeaseWeb. However, the hosting provider denies that any internal systems have been compromised by the hackers.

Over the weekend, LeaseWeb.com was defaced. The hackers posted the following message on the website: “Hello LeaseWeb. Who Are You? Who is but the form following the function of what and what are you is a hosting company with no security.”

They added, “Do you know what that means? We owned all of your hosted sites. Index on your site is the prove (sic).”

On the other hand, LeaseWeb representatives claim this is nothing more than a DNS hijack that has only impacted leaseweb.com.

“For a short period of time some visitors of leaseweb.com were redirected to another, non-LeaseWeb IP address, after the leaseweb.com DNS was changed at the registrar,” LeaseWeb stated.

“Our security investigation so far shows that no domains other than leaseweb.com were accessed and changed. No internal systems were compromised. One of the security measures we have in place is to store customer data separately from any publicly accessible servers; we have no indication that customer data was compromised as a result of this DNS hijack.”

In addition to the defacement, emails sent to the company were not received, and domain name registration and server reinstallation through the Self Service Center were disabled.

LeaseWeb says it’s still investigating the attack, but it denies reports that the hackers leveraged a vulnerability in WHMCS. It appears the web host uses software developed in-house for its customer panel. There’s no evidence that this software has been exploited.

“Right now, it appears that the hijackers obtained the domain administrator password and used that information to access the registrar. We will continue to investigate this incident thoroughly and take decisive action accordingly,” LeaseWeb noted.

Even after the statement was released, the hackers insisted that they gained access to customer information. However, they haven’t published any data to back their claims.