Content of the email received
On the afternoon of Sunday 24 May 2020, we became aware that a stolen copy of a database backup containing some of our customers’ personal data dating from 30 October 2018 had been posted online. We regret to inform you that your account was included in this breach. Even if you are no longer a customer and your account has since been deleted, it was in our database on 30 October 2018 when the data was taken.
The compromised data includes the names and contact details for everyone who was or had been a customer on 30 October 2018, including their email addresses, postal addresses and phone numbers. It also holds cryptographically hashed copies of control panel passwords, some details of payments made, and the content of every support ticket they had filed. Details of your services, including hostnames and IP addresses, were also leaked.
While this is clearly a very serious data breach, the database does not have any credentials for accessing servers, unless they were disclosed in support tickets and not changed in the following 18 months. Nor do the payment details contain any credit card or bank account numbers, and as all payments are received via PayPal, we could not access that information if we wanted to. No filesystem snapshots are included in the compromised data, so we are completely confident that any data on your server remains secure.
Cryptographically hashed passwords are the industry standard for storing login details to websites, and they provide a reasonable degree of security in the event that the database is compromised. However, when insecure passwords have been used, such as dictionary words, common names or dates of birth, they can be cracked fairly easily offline. Mindful of this, we have disabled any accounts that have not since been removed and whose password has not been changed since 30 October 2018. If this applies you will need to do a password reset before you can log in. There is a link to do this on the login page:
https://bonsai.vmhaus.com/
If you use the same password on other systems, please reset those passwords too. It is best practice to use a separate, randomly generated password for each site, and store these in a password manager or other secure location, rather than to memorise a single password which you use everywhere.
We have clear and compelling evidence that this data was posted online by a former director of VMHaus Ltd named Wai Hoe Au Yong, who also uses the online name Auriga. We believe that he illegally took a copy of this data shortly before his access to VMHaus systems was revoked as part of the acquisition by Mythic Beasts. This was not the result of a security vulnerability, but the illegal actions of an individual who had legitimate access to the server at the time. Nevertheless, the breach is of course deeply unfortunate and we are very sorry for the inconvenience and confusion it has caused. We believe openness is the best policy in responding to this incident, and have published a full statement on our website:
https://vmhaus.com/personal-data-breach
VMHaus will never email you asking for payment details, server credentials or passwords. All payments are taken by PayPal which is accessed through our control panel:
https://bonsai.vmhaus.com/
If you have any questions or concerns, please contact us by email to admin@vmhaus.ltd.uk, submit a ticket in our control panel, or use the @VMHausOfficial Twitter account.
We are, once again, extremely sorry this has happened.