cPanel Inc., the company that manages the popular web hosting account management tool, is warning customers about a possible data breach that occurred over the weekend.
According to cPanel, customers’ account information may have been compromised: hackers tried to access a database containing users’ data, including names, salted passwords, and contact information. cPanel Inc. added that financial data has not been accessed because it is stored on a different server. The company said it interrupted the breach, but the hackers might still have gained access to the details of cPanel Store and Manage2 users.
“I am writing to let you know that one of our user databases may have been breached. Although we successfully interrupted the breach, it is still possible that user contact information may have been susceptible,” states cPanel’s official statement.
“The customer contact information that may have been susceptible is limited to names, contact information, and encrypted (and salted) passwords. Please note that our credit card information is stored in a separate system designed for credit card storage and is not impacted by this possible breach.”
The company announced the adoption of further measures to protect its systems and customers; it will force a password reset to limit the impact of the alleged security breach.
“Although current passwords are stored salted and encrypted, we are accelerating our move to stronger password encryption at the same time in order to minimize disruption. In order to safeguard the system, we will force all users with older password encryption to change their passwords,” says Aaron Stone, director of internal development at cPanel.
A couple of weeks ago, cPanel released new builds that fix a dozen vulnerabilities in both cPanel and WebHost Manager. Some of the flaws are critical and could be exploited by hackers to execute arbitrary code.
“It is important to highlight that this incident was not related to cPanel products or the Targeted Security Release published on January 18th.”
cPanel urges customers to change passwords provided to cPanel tech support via the ticket system.
Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group; he is also a Security Evangelist, Security Analyst and Freelance Writer.