| 收到的邮件内容
On the afternoon of Sunday 24 May 2020, we became aware that a stolen
copy of a database backup containing some of our customers’ personal
data dating from 30 October 2018 had been posted online. We regret to
inform you that your account was included in this breach. Even if you
are no longer a customer and your account has since been deleted, it was
in our database on 30 October 2018 when the data was taken.
The compromised data includes the names and contact details for everyone
who was or had been a customer on 30 October 2018, including their email
addresses, postal addresses and phone numbers. It also holds
cryptographically hashed copies of control panel passwords, some details
of payments made, and the content of every support ticket they had
filed. Details of your services, including hostnames and IP addresses,
were also leaked.
While this is clearly a very serious data breach, the database does not
have any credentials for accessing servers, unless they were disclosed
in support tickets and not changed in the following 18 months. Nor do
the payment details contain any credit card or bank account numbers, and
as all payments are received via PayPal, we could not access that
information if we wanted to. No filesystem snapshots are included in the
compromised data, so we are completely confident that any data on your
server remains secure.
Cryptographically hashed passwords are the industry standard for storing
login details to websites, and they provide a reasonable degree of
security in the event that the database is compromised. However, when
insecure passwords have been used, such as dictionary words, common
names or dates of birth, they can be cracked fairly easily offline.
Mindful of this, we have disabled any accounts that have not since been
removed and whose password has not been changed since 30 October 2018.
If this applies you will need to do a password reset before you can log
in. There is a link to do this on the login page:
https://bonsai.vmhaus.com/
If you use the same password on other systems, please reset those
passwords too. It is best practice to use a separate, randomly generated
password for each site, and store these in a password manager or other
secure location, than to memorise a single password which you use on
everywhere.
We have clear and compelling evidence that this data was posted online
by a former director of VMHaus Ltd named Wai Hoe Au Yong, who also uses
the online name Auriga. We believe that he illegally took a copy of this
data shortly before his access to VMHaus systems was revoked as part of
the acquisition by Mythic Beasts. This was not the result of a security
vulnerability, but the illegal actions of an individual who had
legitimate access to the server at the time. Nevertheless, the breach is
of course deeply unfortunate and we are very sorry for the inconvenience
and confusion it has caused. We believe openness is the best policy in
responding to this incident, and have published a full statement on our
website:
https://vmhaus.com/personal-data-breach
VMHaus will never email you asking for payment details, server
credentials or passwords. All payments are taken by Paypal which is
accessed through our control panel:
https://bonsai.vmhaus.com/
If you have any questions or concerns, please contact us by email to
admin@vmhaus.ltd.uk, submit a ticket in our control panel, or use the
@VMHausOfficial 推特 account.
We are, once again, extremely sorry this has happened
|
主机参考
评论前必须登录!
注册