Fasthosts suffers security breach

Web-hosting company Fasthosts has warned its customers to change all their passwords after being targeted by hackers.

Fasthosts has written to its customers to advise them of a network intrusion involving one of its servers at the company’s Gloucester headquarters.

The company, which said it is working with the police, said the breach "could relate to Fasthosts customer data" and "as a precautionary measure" has asked its customers to update their passwords.

This includes the control panel, email, FTP, and database passwords, all of which can be changed via the customer control panel. Fasthosts said it has now implemented customer password encryption to further protect customer data.

In a statement, the company said: "A system-wide external security audit has removed the vulnerability that led to the recent network intrusion and enhanced the overall security appropriately."

"Fasthosts considers that its practices and procedures are up to date, and represent good practice in continually protecting the security of its customer data, and the company remains fully confident in its ability to do so. Fasthosts apologises for any concern or inconvenience caused to its customers as a result of the security review."

Last week, a Fasthosts update to a mail server permanently deleted some of its customers emails. But according to a Fasthosts spokesman, the network intrusion incident "is completely unrelated" to this.

Fasthosts said: "A number of Fasthosts customers last week experienced a reduction in email service. Following a human-error during an update to our mail server housekeeping processes, a number of Fasthosts Advanced POP3 mailboxes unfortunately incurred a failure resulting in a loss of stored emails."

"Although approximately 50% of emails were able to be restored from our backup, we regret that any lost emails will not be recoverable. Unfortunately for the other 50% of emails, the backup processes ran soon after the error, and hence these emails were non-recoverable. The technical issue is now fully resolved and Fasthosts has taken measures to ensure that this type of error should not occur again."

One Fasthosts customer told Web User: "I've since closed my Fasthosts account altogether. I never expected something like this to happen to such a big company."

While a second customer in an email to Web User said: "It seems like Fasthosts are being open and honest about being hacked, which seems sensible. I was concerned to hear the news but followed the instructions for changing passwords on my services. It didn't take long and probably should be done quite often anyway."

Graham Cluley, senior technology consultant at Sophos, commenting on the breach, said: "The biggest reason that security breaches keep happening is because humans are only human. They make mistakes and bad decisions. It may be a user making a poor decision about their individual PC's security, someone accidentally emailing the wrong person the wrong file, or it could be an IT team not doing their job properly to secure the defence of their network with firewalls, patches, network access control and anti-virus software."

"Properly securing and controlling your computers and access to your company's network reduces the chances of an embarrassing security breach happening. Firms need to take proper action now to prevent starring in tomorrow's embarrassing news headlines."

Are you a Fasthosts customer? Share your views in the Web User Forums or by emailing letters@webuser.co.uk.

www.fasthosts.com

Claim 50p off Web User's Ultimate PC & Web Workshops!

More news via RSS Post item to Del.icio.us Post item to Digg.com