@sh97 said: @VirMach any refugee offers? Just got 3 of my VMs nuked.
Regards
We can probably honor whatever amount of service you had left with them and renewal at the same price, but I don't know much about the type of offers they've been posting. Let's just say it'd be to help out any LES members, as I don't want to open the floodgates to a bunch of tickets at the moment (it'll be difficult to go through all of them, verify, and manually create.)
Wow nice. Their main plan was a $10 one - 1c/1g/20gb SSD and 20tb bw. I think most people are on that.
Is it me or is 'ColoCloud' being used as a scapegoat to try to minimize referencing ColoCrossing and to make it look like some random Bangladeshi company is affected by this?
That's exactly what's happening.
They'll also replace the real CC word in the current thread title with the new imaginary one.
Blame ColoCrossing for sending an email saying that only one part of "ColoCloud" infra was breached and that ColoCrossing dedis/colocation were not affected. Well, also blame LEB for ignoring all the evidence that CC is lying about the breach's effect, I guess, but LEB aren't the ones that invented the "ColoCloud" term here.
@Wolv said:
It'd be nice to know if this breach was due to leaked credentials/human error or if there is an actual Virtualizor bug like CC is claiming.
We don't know yet. Right now @raindog308 simply assumed it is a bug in Virtualizor because of ColoCrossing, but nothing was made public in this regard. Normally at this stage the bug should have been made public and patched so that something like this does not happen to other providers too. However, there is no proof of such a bug.
So this didn't affect anything on purpledaddy, right? As far as I can recall, that's the only CC plan I still have (for anything in production, anyway), and it seems to be working fine.
Don't know if @VirMach still accepts orders through https://vps.blackfriday but the deals in there are certainly comparable to / better than CC's and may reduce all the ticketing !!!
You mean you want to buy a new VPS plan too, but are... resisting? Give in to the temptation, give in... it's just a VPS... till it is not.
Review all orders done since the 25th.
We found out a couple of the accounts got accessed by the same person, who made orders from those users' accounts.
So users started going through the leaked DB and they are trying the passwords on all known VPS hosts, hoping users used the same password, and they got lucky on some accounts.
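The review the shared comment recommends (orders placed since the 25th, several customer accounts touched by one actor) can be scripted against a provider's own login and order records. This is an added example, not code from the thread or from any provider; the CSV record layout, the field names and the log lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample records in an assumed "date,account,ip,event" layout.
# One source address reaches three different accounts after the cutoff.
SAMPLE_LOG = """\
2024-04-24,alice,203.0.113.7,login
2024-04-26,alice,198.51.100.9,login
2024-04-26,alice,198.51.100.9,order
2024-04-26,bob,198.51.100.9,login
2024-04-27,bob,198.51.100.9,order
2024-04-27,carol,203.0.113.44,login
2024-04-28,carol,203.0.113.44,order
2024-04-28,dave,198.51.100.9,login
"""

CUTOFF = date(2024, 4, 25)  # "orders done since the 25th" in the thread


def parse(log):
    """Yield (date, account, ip, event) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 4:
            continue
        day, account, ip, event = parts
        yield date.fromisoformat(day), account, ip, event


def shared_source_accounts(log, cutoff=CUTOFF):
    """Map each IP that touched more than one account on or after the cutoff
    to the accounts it reached; these are the accounts to review first."""
    accounts_by_ip = defaultdict(set)
    for day, account, ip, _ in parse(log):
        if day >= cutoff:
            accounts_by_ip[ip].add(account)
    return {ip: sorted(a) for ip, a in accounts_by_ip.items() if len(a) > 1}


def orders_to_review(log, cutoff=CUTOFF):
    """Orders placed since the cutoff from an IP seen on several accounts."""
    suspicious = shared_source_accounts(log, cutoff)
    return sorted((str(day), account, ip) for day, account, ip, event in parse(log)
                  if event == "order" and day >= cutoff and ip in suspicious)


if __name__ == "__main__":
    for ip, accounts in shared_source_accounts(SAMPLE_LOG).items():
        print(f"{ip} reached {len(accounts)} accounts: {', '.join(accounts)}")
    for row in orders_to_review(SAMPLE_LOG):
        print("review order:", *row)
```

An IP shared by several accounts is only a starting point for review; carrier-grade NAT and corporate proxies produce the same pattern legitimately, so confirm against the customer before reversing an order.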
@serverpoint said:
Wait... Virtualizor saves passwords in plain text??? Our software wipes out the password from our DB once it is given to the client.
The passwords themselves are saved salted; however, the email sent to the client with all the details (including VNC, for which no one changes the password) is not, and ColoCrossing never deleted that info from their DB.
Did CC admit they fucked up and properly notify the people affected on what was accessed yet?
Nope. Looks like they're sticking with their Virtualizor bug story despite no other providers being affected that leverage Virtualizor and continue to say nothing important was accessed/breached. Can't say I'm surprised in the slightest.
If anyone is/was wondering why LES exists, this is Exhibit #754.
The funniest part is, providers that abused that dump to spam people got insta-banned.
But CC is still fine.
Also, there are already phishing emails being sent to the leaked email addresses, despite CC still saying "no personal information" was leaked.
They probably consider their customers to be companies, which means the email is no longer "personal information". I am guessing the same goes for their other customer details. This is why you should avoid using personal information online.
I don't think the majority of privacy authorities would accept "we consider our customers to be companies" as a reason for misleading individuals about the disclosure of their personal information. Especially if the "Company" field is left blank in the profile.
So what you are saying is to make the company field compulsory to circumvent the law...
I was a past unhappy customer of Colocrossing. If anyone wants to learn how not to run a hosting business, this is a good example. Not surprised about this breach.
Always someone else's fault, never theirs. Take some god damned responsibility, own up to the fact that you screwed up, and then fix it like an adult.
Feel bad for them, despite the lies when they seemingly didn't understand what was going on fully, what a shitty and stressful situation to be in.
Was that post made by Colocrossing? It looks like a PR cleanup
-.- What scum
https://lowendtalk.com/discussion/comment/4430823#Comment_4430823
91% OFF*
$9.54 PER YEAR
1024MB DDR4 RAM
2 vCORE
20GB SSD (NVMe)
BANDWIDTH 9216GB
2 IPv4
fastest fingers first
Fixed that for you...
Sharing this comment by @servarica_hani on the OGF.
Providers, FYI/FYA.
Remember HyperVM? And its creator committing suicide when all HyperVM based hosts got compromised and destroyed because of a bug in his software?
Times have changed. This stuff gets forgotten easily.
Nothing bad will happen (to anybody that's not a customer)
P-diddy is safe. He owns dedicated servers, which do not use Virtualizor.
Also known as Dog ate my homework, excuse # 420
It's really impressive how spineless LET is.
https://haveibeenpwned.com/Breach/ColoCrossing
Fuck this 24/7 internet spew of trivia and celebrity bullshit.