Passwords exposed

Sep 20, 2007 07:38 GMT

It's one thing when a company that uses the web gets hacked, but when a web host gets hacked, this can mean one of two things: either they were hit by pros, or they had really bad security. The second case would seem outrageous to me - you cannot afford to be a web host and not have good security. If web hosts don't know anything about web security, then who does?

In any case, the company that has been hit is Layered Technologies, and the hack might have exposed passwords for 6,000 clients. This may seem a small number compared to other hacks, but think about the profile of this firm, and what every account means!

It all happened on Monday, and as The Register informs us, the breach was executed by attacking one of the off-the-shelf applications integrated into the company's support desk, which manages help tickets submitted by customers. Their security system was bypassed and whoever did it got access to a lot of information, though it is not known for sure whether the data has been retrieved. No sensitive info like social security numbers was stored in the database, so I can't think that ID theft would be something to fear. All they got access to was names, home addresses, e-mail addresses and phone numbers - these are just basic contact details. Also, server login credentials have been exposed. The problem with that can be easily solved, just like in other similar cases. If a hacker gets your password, you just have to change it fast, before he gets a chance to actually use it for something.

In any case, this is not something new - as that report from Symantec showed, hackers are getting smarter and smarter, so now, instead of attacking sites separately, they attack the web host, so that they can take over web pages a lot more easily.