GalaxyHostPlus - Virtualizor breach (e-mail data)
#1
Dear FreeVPS GalaxyHostPlus VPS 5, 9 and 22 Owners,

We have been informed that there has been a breach affecting the e-mail data of the old control panel of GalaxyHostPlus: Virtualizor. A security vulnerability (SQL Injection) in Virtualizor has been used to get a list of the GalaxyHostPlus Virtualizor client account e-mail addresses. Nothing else than the e-mail addresses has been leaked by this vulnerability.

As many of you already know, GalaxyHostPlus has been migrating all of their infrastructure to SolusVM recently. Your SolusVM accounts are not affected by this! The data that was leaked is from months before, as confirmed by GalaxyHostPlus in their official statement. We still recommend double-checking your data and changing passwords if necessary.

Official statement by GalaxyHostPlus: https://secure.galaxyhostplus.com/announ...-Data.html
#2
If it is SQL injection then how can they say it is just emails leaked?
#3
Oh god, this is not good. I got my VPS removed a little time ago, but I guess that I am affected by this too as my account may have been on the server at that time. SolusVM has a history of getting exploits too, just to inform people that it seems like no control panel for VPS is safe ;)

If it was just the e-mails then it is not really that big of a deal, it would have been way worse if it was anything else. I hope they are sure only the e-mails got out of the database, but in that case it might now have been the attacker's intention to get into big trouble or harm the company.
#4
I am one of the victims of this data leak, and started to receive a whole thread of mails yesterday evening. They were all responding to one initial spam which came from a company called DarkCloud Hosting. This initial spam mail contained over 300 different mail addresses in clear CC (they were not BCC'ed) - the replies from different victims made it clear that the list appeared to originate from GalaxyHostPlus. At this point, I decided to privately report this issue to the FreeVPS staff.

By a statement from JanuszC we know that the breach occurred on 9th of January via SQL Injection, so it is imho safe to assume that all data which was contained in the database as of this point in time was extracted.
Every GHP customer or persons who own or have previously owned a VPS from GHP should be on the look-out for any signs of identity theft using this data. His official position appears to be that only e-mail data (and only the data in Virtualizor) was affected.

Personally, I canceled my VPS 9 from GHP and requested that all my personal data is deleted from their infrastructure. The forum staff was very helpful in this case, but I want to make clear that it was a personal decision from my side to prevent any possible further damage to my privacy.

Three hours ago, I received an apparently official public statement from DarkCloud Hosting, which I want to share with you as it sheds some light on this incident:

Code:
Inspector General Notice

To whom it may concern.

Yesterday a breach was announced on the GHP's side, one of our ex-operatives exploited their panel database which we can not deny!
We had no idea about this matter and investigations were made and resulted in major improvements to both companies..
Discussions were made with the other side's company and we replied to their questions accordingly.
We hope that no issues will happen later on.

Best regards,
Albert Setland
Inspector General
Dark Cloud Hosting

2016 © Dark Cloud Hosting
#5
Hello.

A few updates: we are working with Virtualizor to find out how this happened.

We found a guy called Jamie who was sending these emails on the 9th of January. We have taken actions to migrate to SolusVM during that time. On 11/03/2016 no data was affected. The emails are based on the same addresses as on 9th January 2016. Only 320 addresses out of 2000 are affected on the Virtualizor panel.

The Virtualizor panel logs look to be fine, so I say it's safe to use. We are still looking into how such data got into Jamie's hands; we are trying to contact Jamie at this moment.

We are now on chat with Dark Host and we are working to resolve this and track Jamie. If anyone has any more info about it, let us know.

All data is safe and there is no need to worry about it anymore. SolusVM should be safe enough from such attacks.
#6
I'm popping in sofa... well... I'm scared of hackers... Save your emails and put a password like 24 characters, :>
#7
Everything is safe, including passwords; no personal data was taken on 06/01/16.

SolusVM should solve this issue. Our passwords are longer than 64 characters+, so we can call it safe :)
#8
(2016-03-12, 7:13:05 pm)Hidden Refuge Wrote:  A security vulnerability (SQL Injection) in Virtualizor has been used to get a list of the GalaxyHostPlus Virtualizor client account e-mail addresses. Nothing else than the e-mail addresses has been leaked by this vulnerability.

The shared host I am with uses Virtualizor, so I checked out the vulnerability and was surprised it has to do with a completely out of date version of Virtualizor of 2013. Must be very negligent then? The vulnerability was fixed in v2.3.1 immediately after its discovery. It was well documented everywhere with plenty of warnings going round:
http://www.securiteam.com/securitynews/5OP3F0UB7I.html

Virtualizor is now on v2.3.8. Last release was in December 2015.
#9
(2016-03-13, 4:38:44 am)deanhills Wrote:  [..]I checked out the vulnerability and was surprised it has to do with a completely out of date version of  Virtualizor of 2013.  Must be very negligent then?  The vulnerability was fixed in v2.3.1 immediately after its discovery. [...]

I have posted this announcement based on the information I had at that point of time. And all I knew was that JanuszC (the GalaxyHostPlus CEO) said it was SQL Injection in the FreeVPS shoutbox and I had the link to their official statement.

If you follow their updates the story now changed a few times already. Whatever the truth is... I do not know. Please just always check their official updates/statements. There is another thread on another forum posted by a customer of GalaxyHostPlus that seems to have more information: https://www.lowendtalk.com/discussion/78...ct-details

I have not been informed about the real reasons by anyone. I had to gather information myself. We have only been informed about mails being sent out to the leaked e-mail addresses as puck has said (he reported it to us).
#10
(2016-03-13, 7:34:27 pm)Hidden Refuge Wrote:  I have not been informed about the real reasons by anyone. I had to gather information myself. We have only been informed about mails being sent out to the leaked e-mail addresses as puck has said (he reported it to us).

OK got it thanks HR.

I've just noticed that the points I raised have been subsequently discussed in the same LowEndTalk.com thread. GHP says that the incident happened with an up to date version of Virtualizor and they've brought it to the attention of Virtualizor. Virtualizor said they were investigating the matter with GHP and so far haven't found any issues with Virtualizor.

Looks as though GHP is hard at work to complete the migration of all of the accounts to SolusVM.



