German hosting provider Domainfactory has just confirmed a massive data breach that took place in January this year. Domainfactory has been part of the UK's Host Europe Group since 2013 and has over 200,000 customers and more than 1.3 million domains.
The company informed its customers about the breach through an official email and its status page and asked them to change their login credentials, although Domainfactory can't confirm whether all of its customers were affected. The company has also asked its users to change the MySQL, SSH, FTP and live disk passwords of their websites, as these might have been compromised too.
Domainfactory stated on its status page that it learned about the breach on 3rd July 2018 and found that a system change had taken place at the end of January, after which certain customer information was unintentionally accessible to third parties via a data feed. This data feed was triggered when customers made changes to their DomainFactory accounts but those changes caused system errors when they tried to save them. The information in the data feed included: customer name, company name, customer number, customer e-mail address, address, telephone number, DomainFactory telephone password, bank name and account number (e.g. IBAN or BIC), and the Schufa score. The feed did not contain any further payment data.
The company closed the data feed immediately after being informed, and customers were asked to monitor their bank transactions and report anything suspicious to law enforcement officials.
The company's forums were also taken down after a stranger claimed on the support forum that he had gained access to Domainfactory's customer database. As proof, he shared internal data of several customers, who then confirmed the authenticity of the information. An individual also publicly claimed on Twitter to be the hacker responsible for the breach and claimed to have attacked Domainfactory because they allegedly owed him money.
Domainfactory has since informed the concerned authorities about the breach and has brought in external investigators to investigate it.