Letbox hack/outage

13»

Comments

  • FrankZFrankZ Moderator

    @Jab said: @FrankZ do you have a service active (or recently?) on LETBOX?

    I was a client from March 2014 to Dec 2020. I do not have any active service with LetBox currently.

    Thanked by (2)Jab bdl

    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • Since @SMARTHOST is feeling so talkative now: Maybe they can explain the leak of customer email addresses in late September:

    https://lowendspirit.com/discussion/comment/151050/#Comment_151050

    Was this a third incident?

    Also: Is there actually a network status page on smarthost.net anywhere? I've never found one.

    Thanked by (1)treesmokah
  • edited January 18

    @Jab said: @Brueggus - same, what are you active (recent) service status for LB/SH?

    I have active services with both, unfortunately.

    dnscry.pt - Public DNSCrypt resolvers hosted by LowEnd providers • Need a free NAT LXC? -> https://microlxc.net/

  • skorousskorous OGSenpai

    @Brueggus said:

    @Jab said: @Brueggus - same, what are you active (recent) service status for LB/SH?

    I have active services with both, unfortunately.

    Same. I got emails from both.

  • edited January 18

    Just got my notice today; pretty shameful conduct by a provider.

    First there was no notification of the ddos attack; I had to open a ticket at the time and ask what is going on with the steal. Communication is easy and cheap. It would have taken five minutes to hammer out a notification to all affected clients when I was clear that it wasn't going to be a quick or easy resolution. But nothing happened.

    So the real question, was it just an oversight, or was there hope that it would go unnoticed my most and get forgotten, or that the customer is not worthy or deserve to be notified of an attack that went on for over a week?

    Secondly why did it take weeks and weeks for the provider "to do the right thing"? The allegation first arose weeks ago on LET. If there was any concern or respect of the clients, notification of the breach could have/should have been sent out ASAP.

  • teamaccteamacc OGSenpai
    edited January 18

    @cornercase said:
    Since @SMARTHOST is feeling so talkative now: Maybe they can explain the leak of customer email addresses in late September:

    https://lowendspirit.com/discussion/comment/151050/#Comment_151050

    Was this a third incident?

    Also: Is there actually a network status page on smarthost.net anywhere? I've never found one.

    Got an email that says the following:

    SmartHost LLC recently became aware in late December 2023 of a cybersecurity incident impacting its client/billing platform.

    When SmartHost was made aware of the potential breach, we immediately performed global password resets for all client accounts and the server/service passwords that we could.

    I just checked my password manager. I created the entry for @SMARTHOST late August/early September 2023, and have succesfully used that very password today to log into both the client area as well as the SolusVM panel.

    Edit: all the communication from @SMARTHOST since that date are 1) related to invoice payment (invoice, reminder, payment confirmation) and 2) a reply to a ticket asking about downtime, getting a "there's ddos + hack attempt" in it. That information was not freely sent by @SMARTHOST but required me to send in a ticket myself.

    Hence, there's no communication on email until today. The latest news on their own website is from late August 2023, talking about a new DC.

    Hey teamacc. You're a dick. (c) Jon Biloh, 2020.

  • @teamacc said:

    @cornercase said:
    Since @SMARTHOST is feeling so talkative now: Maybe they can explain the leak of customer email addresses in late September:

    https://lowendspirit.com/discussion/comment/151050/#Comment_151050

    Was this a third incident?

    Also: Is there actually a network status page on smarthost.net anywhere? I've never found one.

    Got an email that says the following:

    SmartHost LLC recently became aware in late December 2023 of a cybersecurity incident impacting its client/billing platform.

    When SmartHost was made aware of the potential breach, we immediately performed global password resets for all client accounts and the server/service passwords that we could.

    I just checked my password manager. I created the entry for @SMARTHOST late August/early September 2023, and have succesfully used that very password today to log into both the client area as well as the SolusVM panel.

    Edit: all the communication from @SMARTHOST since that date are 1) related to invoice payment (invoice, reminder, payment confirmation) and 2) a reply to a ticket asking about downtime, getting a "there's ddos + hack attempt" in it. That information was not freely sent by @SMARTHOST but required me to send in a ticket myself.

    Hence, there's no communication on email until today. The latest news on their own website is from late August 2023, talking about a new DC.

    I received a similar email from LetBox. Also similarly, I logged in to change my password after receiving the email, and I was able to log in with the previous password.

  • SMARTHOSTSMARTHOST Hosting ProviderOG

    @cybertech said:

    @Brueggus said:
    This just arrived. No message from LetBox so far.

    @SMARTHOST care to clarify

    LetBox notices sent as well at same time.
    Seems to still be processing thru the external email provider that brand uses though.

    ~ SMARTHOST

    SmartHost™ - Intelligent Hosting! - Multiple Locations - US/EU! - Join our Resale Program
    https://www.smarthost.net - sales@smarthost.net - Ultra-Fast NVME SSD KVM VPS - $2.95/month!

  • SMARTHOSTSMARTHOST Hosting ProviderOG

    @treesmokah said:

    @remy said: I didn't intend to renew my services because of the lack of communication,now I'm hesitating.

    If you are thinking about it, I'm sorry, but there is no hope for you.
    I don't want to be mean, but after all of this shitshow, buying anything from them is the last thing I would be thinking of.

    But you do, and that is exactly what you have been, and are still continuing on doing.

    ~ SMARTHOIST

    SmartHost™ - Intelligent Hosting! - Multiple Locations - US/EU! - Join our Resale Program
    https://www.smarthost.net - sales@smarthost.net - Ultra-Fast NVME SSD KVM VPS - $2.95/month!

  • edited January 18

    I was somewhat caught by surprise too when I discovered that I could not login to the smarthost control panel sometime back in late September. I had to do a password reset to regain access. I didn't recieve any spam mails though.

  • edited January 19

    @SMARTHOST said:

    @treesmokah said:

    @remy said: I didn't intend to renew my services because of the lack of communication,now I'm hesitating.

    If you are thinking about it, I'm sorry, but there is no hope for you.
    I don't want to be mean, but after all of this shitshow, buying anything from them is the last thing I would be thinking of.

    But you do, and that is exactly what you have been, and are still continuing on doing.

    ~ SMARTHOIST

    Cry about it.

    @cornercase said:
    Since @SMARTHOST is feeling so talkative now: Maybe they can explain the leak of customer email addresses in late September:

    https://lowendspirit.com/discussion/comment/151050/#Comment_151050

    Was this a third incident?

    Also: Is there actually a network status page on smarthost.net anywhere? I've never found one.

    Lol, I also heard unverified rumors they got breached 2 years ago.

  • JabJab Senpai

    Still no e-mail from SMARTHOST, must be a big mailling.

    Haven't bought a single service in VirMach Great Ryzen 2022 - 2023 Flash Sale.
    https://lowendspirit.com/uploads/editor/gi/ippw0lcmqowk.png

  • @Jab said:
    Still no e-mail from SMARTHOST, must be a big mailling.

    It seems.

    I got the email from Letbox 24 hours ago and from Smarthost 7-8 hours ago.

  • @treesmokah said:

    @remy said: But most of the providers mentioned don't / rarely make offers on LES / LET.

    They do not cater to LowEndAudience which usually creates problems over funny amounts of money, and I respect that, not everyone has time to deal with LowEndMinds.
    Many of the providers I listed cater to audience that needs resilience, no matter who hates you, they will host you and tell attackers to fuck off. There are not many providers with balls left, and many of listed ones certainly got them.

    Mevspace in particular not only is resilient but also offers extremely nice prices on dedicated servers.
    The same goes for Terrahost and their "entry" series, unmetered(no FUP) 1Gbps dedi for $40? I would take it any day, especially when they ignore DMCA and other funny "legal" threats and offer high capacity in-house ddos protection(which is extremely rare nowadays).

    ml.cloud aka Media Land LLC, just google them ;) Its as close to North Korea location as you gonna get, less than 2h by car.

    well LES can also tell providers to fuckoff, but there are to many mjj's around. I will cancel my Services with this Provider at the end of the billig periode.

    Thanked by (2)treesmokah Encoders
Sign In or Register to comment.