I would hope that was just a one time deal and he is not handing out the link to everyone who asks.
I do, everyone who reached out was a long time member that was most likely affected and wanted to check for himself.
I would consider passing around links to a hacked data base of customer information a black hat activity.
I would like to hear other members thoughts on this.
Yes, Absolutely. You can't justify it as checking for X once it's been confirmed. People should assume the data has been breached and act accordingly! Spreading it now is morally wrong imo
@chris said: I would consider passing around links to a hacked data base of customer information a black hat activity.
If we are talking of stolen user data ( name, address, credit/debit card details, any personal info), sharing the stolen data just makes you an accomplice, it might be funny for some, but for those in the stolen data it is not.
We are not talking about ISO images and Box Office movies here or top 10 Pornhub stuff, we are talking about people addresses, names and payment info. That passes morally wrong, and it is actually a felony in all modern countries. I do not know the US/CA laws, but in the EU, this is a thing that will get the initial hacker team in jail if caught.
Spreading the data makes you an "accomplice" on some level.
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
@chris said:
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
Yes, absolutely agree. Data protection should be taken more serious here too. Protection means for me awareness on the one hand and measures when violating on the other hand.
@chris said:
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
Yes, absolutely agree. Data protection should be taken more serious here too. Protection means for me awareness on the one hand and measures when violating on the other hand.
Hacking happens, I can forgive a mistake learnt from but hearing these response times and lack of interest makes me want public floggings. Theres thousands upon thousands of people around the world having their data shared around for some form of amusement. Disgusting.
Fortunately I'm yet to see a provider I use, So I'm hoping I don't have to take any action in terms of finding new providers anywhere.
@chris said:
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
Honestly, that's not even the worst part. It was a shame that cloudie tried to downplay the situation.
@chris said:
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
Honestly, that's not even the worst part. It was a shame that cloudie tried to downplay the situation.
That's PR mitigation - I'd expect that to be honest! We all see through it but there was a huge window where users could have been informed. We don't know who's had that data and for how long in that time. Machines of clients could well be compromised by now. For me I'd be wiping everything and starting afresh. Finding out weeks later wouldn't be acceptable to me and that provider would be a distant memory to me.
To any other providers who get hacked after this - An email letting clients know of a reported breach should be your first port of call, With subsequent updates. I couldn't forgive anything longer than 24hrs during xmas period. 6 during normal working hours
@whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.
@Mason said: @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.
For balance, They did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me I do hope you reconsider the decision personally just for those who may be at risk
Maybe 12 for one man teams ofc. But yeah, that is the whole sucky thing about how Cloudie handled it, even calling it "PR mitigation" I would say it did more damage than coming clean right away since it was already known that the whole database was downloaded when I claimed it was only "unauthorized access".
Maybe 12 for one man teams ofc. But yeah, that is the whole sucky thing about how Cloudie handled it, even calling it "PR mitigation" I would say it did more damage than coming clean right away since it was already known that the whole database was downloaded when I claimed it was only "unauthorized access".
For sure, it speaks to their character. Scummy but I do understand the play
@Mason said: @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.
For balance, They did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me I do hope you reconsider the decision personally just for those who may be at risk
I'm fine with sharing of information and keeping track of which hosts have been hacked. What I'm not cool with is platforming glorified achievement posts where they pat themselves on the back and act like they are doing the community a favor by extorting hosts not to leak their customer's data.
@Mason said: @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.
For balance, They did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me I do hope you reconsider the decision personally just for those who may be at risk
I'm fine with sharing of information and keeping track of which hosts have been hacked. What I'm not cool with is platforming glorified achievement posts where they pat themselves on the back and act like they are doing the community a favor by extorting hosts not to leak their customer's data.
Yeah, totally get that! Completely agree tbh I suppose users can share info
I'm not sure why these "hackers" are trying to overstate their position and value, it's quite laughable. The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon. They also missed a good chunk of other issues staring them right in the face but I won't egg them on more than necessary.
@wdmg said:
The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon.
Which is?
Don't go there.
I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
@wdmg said:
The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon.
Which is?
Don't go there.
I think he's just asking what company sells the addons/themes.
If I misread that, please carry on.
I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
Comments
They rudely deleted my ticket, chose to ignore me, and chose to hide it without notifying the customer.
@whmcssec you forgot my data in the cloudie leak
youtube.com/watch?v=k1BneeJTDcU
All of my VMs: https://nodecheck.net/s/otusibrc/
what?
lol! this reminds me of a case in which one user had forgotten his password and hoped to find his credentials in the leaked data!
Yes, Absolutely. You can't justify it as checking for X once it's been confirmed. People should assume the data has been breached and act accordingly! Spreading it now is morally wrong imo
Chris on https://hostingforums.net/
If we are talking of stolen user data ( name, address, credit/debit card details, any personal info), sharing the stolen data just makes you an accomplice, it might be funny for some, but for those in the stolen data it is not.
We are not talking about ISO images and Box Office movies here or top 10 Pornhub stuff, we are talking about people addresses, names and payment info. That passes morally wrong, and it is actually a felony in all modern countries. I do not know the US/CA laws, but in the EU, this is a thing that will get the initial hacker team in jail if caught.
Spreading the data makes you an "accomplice" on some level.
Host-C - VPS Services Provider - AS211462
"If there is no struggle there is no progress"
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
Chris on https://hostingforums.net/
Yes, absolutely agree. Data protection should be taken more serious here too. Protection means for me awareness on the one hand and measures when violating on the other hand.
Hacking happens, I can forgive a mistake learnt from but hearing these response times and lack of interest makes me want public floggings. Theres thousands upon thousands of people around the world having their data shared around for some form of amusement. Disgusting.
Fortunately I'm yet to see a provider I use, So I'm hoping I don't have to take any action in terms of finding new providers anywhere.
Chris on https://hostingforums.net/
Honestly, that's not even the worst part. It was a shame that cloudie tried to downplay the situation.
That's PR mitigation - I'd expect that to be honest! We all see through it but there was a huge window where users could have been informed. We don't know who's had that data and for how long in that time. Machines of clients could well be compromised by now. For me I'd be wiping everything and starting afresh. Finding out weeks later wouldn't be acceptable to me and that provider would be a distant memory to me.
To any other providers who get hacked after this - An email letting clients know of a reported breach should be your first port of call, With subsequent updates. I couldn't forgive anything longer than 24hrs during xmas period. 6 during normal working hours
Chris on https://hostingforums.net/
@whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.
Head Janitor @ LES • About • Rules • Support
For balance, They did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me
I do hope you reconsider the decision personally just for those who may be at risk
Chris on https://hostingforums.net/
Maybe 12 for one man teams ofc. But yeah, that is the whole sucky thing about how Cloudie handled it, even calling it "PR mitigation" I would say it did more damage than coming clean right away since it was already known that the whole database was downloaded when I claimed it was only "unauthorized access".
For sure, it speaks to their character. Scummy but I do understand the play
Chris on https://hostingforums.net/
I'm fine with sharing of information and keeping track of which hosts have been hacked. What I'm not cool with is platforming glorified achievement posts where they pat themselves on the back and act like they are doing the community a favor by extorting hosts not to leak their customer's data.
Head Janitor @ LES • About • Rules • Support
Yeah, totally get that! Completely agree tbh I suppose users can share info
Chris on https://hostingforums.net/
But lying/downplaying something isn't worth it imo, the truth always comes out and then you look stupid.
Absolutely, but it's not just this industry most will be clever with language for legal reasons
Chris on https://hostingforums.net/
Oh 100%, our society wouldn't survive if everyone was honest. Which is a shame and clearly shows we life in a doomed system build on lies.
May I start a no bs business in 2024 and survive.
This can help confirm if passwords were compromised.
No.
Troy has denied adding cloudie's dump since the data is too small.
Yup: "there's a backlog of 7-figure breches to process"
I'm not sure why these "hackers" are trying to overstate their position and value, it's quite laughable. The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon. They also missed a good chunk of other issues staring them right in the face but I won't egg them on more than necessary.
Which is?
Don't go there.
I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
I think he's just asking what company sells the addons/themes.
ExtraVM - High RAM Specials
Yours truly.
If I misread that, please carry on.
I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
so worst case scenario, if you uses their plugin you have to check your whmcs instalation?
i never heard and/or uses that services though, best of luck for LES provider. you'll never be too careful
Fuck this 24/7 internet spew of trivia and celebrity bullshit.