Softaculous Support System Screenshots May Have Exposed Customer Passwords

MichaelCee (Moderator, Hosting Provider, OG, Services Provider)
edited May 30 in Industry News

Just got this email:

Dear Customer,

We are writing to inform you of a security incident concerning our employee productivity monitoring system.

It has come to our attention that screenshots taken at regular intervals from our support employee(s) systems were inadvertently stored in a publicly accessible folder. These screenshots may have contained sensitive customer information, including server passwords submitted through our support systems between January and February 2025.

While the likelihood of any specific password appearing in these screenshots is low, we strongly recommend that you change your server passwords immediately if you submitted them via any of our support channels during this time.

However, we want to reassure you that there is no known or reported vulnerability in any of our software products.
None of our infrastructure has been compromised.

Steps We Are Taking to Mitigate Future Risk:

  • We are introducing a secure method across all products for customers to grant support access using public/private key authentication, eliminating the need to share passwords.
  • All root logins in Virtualizor and Webuzo will trigger an email notification with the IP address of the login attempt.
  • We will display a warning in the Admin Panel if a password is older than 3 months, suggesting a reset.
  • API keys will include a recommendation to restrict access to specific IPs.
  • Our support system will send a follow-up email prompting password resets once a ticket is closed.

Important Note Regarding Password Storage:
We have seen some misinformation regarding how we store passwords. Please be assured that all end-user passwords are securely hashed and never stored in plain text.

Recommended Customer Action:
We strongly advise all customers to reset any passwords submitted through our support systems (including ticket and chat) as a best practice—not just for our systems, but across any support platform you use.

We sincerely apologize for this incident and appreciate your prompt attention and understanding as we work to enhance our systems and security protocols.

Regards,
The Softaculous Team

Comments

  • vyas (OG, Senpai)
    edited May 30

    Told you I only had three coffee breaks, boss… You claimed four.. and dinged me a break next day.

    I got proof I was right … and screenshots to prove it !!

    Said a softaculous employee

    ——

    Btw, why would anyone take SS of employees’ screen with sensitive information ?? Is this common practice??

    Thanked by (1)MichaelCee
  • MichaelCee (Moderator, Hosting Provider, OG, Services Provider)

    @vyas said:
    Told you I only had three coffee breaks, boss. You claimed four.. and dinged me a break next day.

    I got proof I was right … and screenshots to prove it !!

    Said a softaculous employee

    ——

    Btw, why would anyone take SS of employees’ screen with sensitive information ?? Is this common practice??

    This is how it worked when I freelanced on Upwork, random screenshots uploaded to the project with the client as well as an hourly report on how many keystrokes you made and your mouse activity. It's some 1984 bs

    Thanked by (1)vyas
  • AuroraZero (Hosting Provider, Retired)

    Jeebus Christ on a motorbike!!! Wtf is wrong with people anymore. Who thinks this crap up anyways?

  • skorous (OG, Senpai)

    Ha ha ha ha ha ha ha .... awesome.
