  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    15,000

    Heartbleed? OpenITC :: Potential security breach - action required

    The spectacle of growth has begun ... of fraud.

    "... two customers reported products being ordered for their accounts that were not placed by themselves yesterday (15th April 2014)."

    We are writing to inform you that we have reason to believe some systems may have been compromised.

    The basis of this belief is that two customers reported products being ordered for their accounts that were not placed by themselves yesterday (15th April 2014). We currently believe this was done with access to their account passwords. Whilst we cannot be sure our customer systems haven't been compromised, we want to ensure that we have taken every action to ensure our systems are secure.

    We are currently investigating the issue but have immediately taken the following actions:

    1) Taken our management platform offline
    2) Requiring all our customers to change their password
    3) Security phrases will be changed

    As part of the Heartbleed issue, we recommend you change all other OpenITC passwords (e.g. root passwords for VPS, dedicated servers, etc) at a minimum. Although not related to us, you should reset all your passwords on all systems you use over the Internet for peace of mind. This is especially true if you re-use your passwords across different sites.

    We are still early in our investigations but beyond these random orders being placed, we have no further evidence of ill intent.

    We do not have any further information at this time and will be unable to comment further until we have concluded our investigation at which point we will send out another e-mail.

    As the management platform is offline, the VPS control panel will also be offline. This will remain the case for at least the remainder of the day. We apologise for the inconvenience.

    We would like to take this opportunity to remind customers about how your private data is stored:

    a) Authentication details for our management platform at clients.openitc.co.uk are stored with a unique random (per account) salt and hashed (multiple rounds).
    b) All data stored on clients.openitc.co.uk resides on fully encrypted hard drives.
    c) Physical access to clients.openitc.co.uk is secured.
    d) Administrative access to clients.openitc.co.uk is restricted by strong passwords and very narrow IP access lists.


    Regards
    OpenITC
    16 Apr 2014

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010
    Posts
    15,000

    OpenITC :: Potential security breach - No breach, bug fixed

    False alarm.

    This is an update on the potential security breach email from earlier today.

    There has been no breach in our systems. We have identified the issue which has been causing orders to appear in other people's accounts. An update was made to the system some days ago which incorrectly allocated orders for certain accounts. This has now been rectified and the billing system updated.

    Only 3 accounts were affected and we will be contacting these users individually, shortly.

    As it coincided with the Heartbleed issue we responded far more rigorously than would otherwise have warranted but we realise that this has caused concern and inconvenience for you. At all times we weighed the potential inconvenience against the damage that could have been caused to your data and we decided that a strong response was necessary. We accept full responsibility for the inconvenience you may have experienced and would like to apologise for any alarm this caused.

    Access has been restored to the client control panel and all systems are back to normal.

    Thank you for your patience and if you have any questions, please feel free to contact us.

    Regards
    OpenITC
    16 Apr 2014
