Database of Layered Technologies Attacked

Database of the provider of managed hosting, Layered Technologies, came under a serious attack on September 17, 2007 that could have allowed an unauthorized downloading of personal information consisting of names, phone numbers, postal addresses, e-mail addresses, and login information belonging to nearly 5,000-6,000 customers.

The breach occurred when the intruder hit on an off-the-shelf program that was adjusted with the firm's support desk managing the help tickets given by the customers, according to President of Layered Technologies, Todd Abrams, as reported by The Register.

Abrams said that the as per as the log entries, it was unlikely that the hackers had taken the copy of the database as the download would take more than 2 seconds.

Fortunately, customers' payment details were stored in another system, so a customer who did not add them in a help ticket could avoid exposure. Some of the customers' also scanned the IDs when hiring a server and those too were also not stored into the help desk.

Strangely, the perpetrators were able to access the database by attacking Cerebus, a program that is named after the dog that guarded the gate in Hades in the Greek mythology. However, Secunia, a Web security company, opined in a recent report, that there're several vulnerabilities in Cerebus and one of them is very critical.

Layered Technologies did not disclose the method of penetration into its database but said that it is subjected to illegal extraction of information from its database at different points of time.

As per a site advisory, the company said that it was trying to trace the origin of the security breach through an internal audit and assured its customers of having launched several initiatives to upgrade the protection measures to save their information.

The Company had advised all the clients to change their login information of all the host details they have forwarded to the company during the past two years. These details refer to programs like Cerebus, Encompass, Modernbill and all client-owned servers, which they operate with Layered Technologies. The company has also advised its clients to change the passwords for all the services for Webmail, SSH, MySQL, Remote Desktop, cPanel, FTP Backup storage, WHM or similar services. It suggested its customers to use 'reset password' feature on all the LT tools in order to rearrange and send a fresh random password.

» SPAMfighter News - 10/5/2007