Cloudie Networks, LLC. Data Leakage

13»

Comments

  • edited December 2023

    @treesmokah said:
    More providers hit, https://hostersale.com/, https://serverwala.com/(name I recognize for some reason) and https://the23.digital/. I have not verified the data.

    [Redacted]

    Maybe @whmcssec is willing to discuss specifics?

    They rudely deleted my ticket, chose to ignore me, and chose to hide it without notifying the customer.

  • @whmcssec you forgot my data in the cloudie leak

    youtube.com/watch?v=k1BneeJTDcU

  • @Otus9051 said:
    @whmcssec you forgot my data in the cloudie leak

    what?

  • @Otus9051 said: @whmcssec you forgot my data in the cloudie leak

    lol! this reminds me of a case in which one user had forgotten his password and hoped to find his credentials in the leaked data!

    Thanked by (2)host_c rhinoduck
  • @FrankZ said:

    @treesmokah said:

    @Otus9051 said:
    @treesmokah are you still giving the download link to people

    Yes.

    @FrankZ said:

    @Otus9051 said:
    @treesmokah are you still giving the download link to people

    I would hope that was just a one time deal and he is not handing out the link to everyone who asks.

    I do, everyone who reached out was a long time member that was most likely affected and wanted to check for himself.

    I would consider passing around links to a hacked data base of customer information a black hat activity.
    I would like to hear other members thoughts on this.

    Yes, Absolutely. You can't justify it as checking for X once it's been confirmed. People should assume the data has been breached and act accordingly! Spreading it now is morally wrong imo

    Thanked by (1)FrankZ

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • host_chost_c Hosting Provider

    @chris said: I would consider passing around links to a hacked data base of customer information a black hat activity.

    If we are talking of stolen user data ( name, address, credit/debit card details, any personal info), sharing the stolen data just makes you an accomplice, it might be funny for some, but for those in the stolen data it is not.

    We are not talking about ISO images and Box Office movies here or top 10 Pornhub stuff, we are talking about people addresses, names and payment info. That passes morally wrong, and it is actually a felony in all modern countries. I do not know the US/CA laws, but in the EU, this is a thing that will get the initial hacker team in jail if caught.

    Spreading the data makes you an "accomplice" on some level.

    Host-C - VPS Services Provider - AS211462

    "If there is no struggle there is no progress"

  • I say a perma ban on the data being shared and links to the data,

    Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • @chris said:
    I say a perma ban on the data being shared and links to the data,

    Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.

    Yes, absolutely agree. Data protection should be taken more serious here too. Protection means for me awareness on the one hand and measures when violating on the other hand.

    Thanked by (1)chris
  • @webcraft said:

    @chris said:
    I say a perma ban on the data being shared and links to the data,

    Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.

    Yes, absolutely agree. Data protection should be taken more serious here too. Protection means for me awareness on the one hand and measures when violating on the other hand.

    Hacking happens, I can forgive a mistake learnt from but hearing these response times and lack of interest makes me want public floggings. Theres thousands upon thousands of people around the world having their data shared around for some form of amusement. Disgusting.

    Fortunately I'm yet to see a provider I use, So I'm hoping I don't have to take any action in terms of finding new providers anywhere.

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • @chris said:
    I say a perma ban on the data being shared and links to the data,

    Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.

    Honestly, that's not even the worst part. It was a shame that cloudie tried to downplay the situation.

  • @dosai said:

    @chris said:
    I say a perma ban on the data being shared and links to the data,

    Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.

    Honestly, that's not even the worst part. It was a shame that cloudie tried to downplay the situation.

    That's PR mitigation - I'd expect that to be honest! We all see through it but there was a huge window where users could have been informed. We don't know who's had that data and for how long in that time. Machines of clients could well be compromised by now. For me I'd be wiping everything and starting afresh. Finding out weeks later wouldn't be acceptable to me and that provider would be a distant memory to me.

    To any other providers who get hacked after this - An email letting clients know of a reported breach should be your first port of call, With subsequent updates. I couldn't forgive anything longer than 24hrs during xmas period. 6 during normal working hours

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • MasonMason AdministratorOG

    @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.

    Head Janitor @ LES • AboutRulesSupport

  • @Mason said:
    @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.

    For balance, They did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me :) I do hope you reconsider the decision personally just for those who may be at risk

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • @chris said: 6 during normal working hours

    Maybe 12 for one man teams ofc. But yeah, that is the whole sucky thing about how Cloudie handled it, even calling it "PR mitigation" I would say it did more damage than coming clean right away since it was already known that the whole database was downloaded when I claimed it was only "unauthorized access".

    Thanked by (1)chris
  • @keklord said:

    @chris said: 6 during normal working hours

    Maybe 12 for one man teams ofc. But yeah, that is the whole sucky thing about how Cloudie handled it, even calling it "PR mitigation" I would say it did more damage than coming clean right away since it was already known that the whole database was downloaded when I claimed it was only "unauthorized access".

    For sure, it speaks to their character. Scummy but I do understand the play

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • MasonMason AdministratorOG

    @chris said:

    @Mason said:
    @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.

    For balance, They did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me :) I do hope you reconsider the decision personally just for those who may be at risk

    I'm fine with sharing of information and keeping track of which hosts have been hacked. What I'm not cool with is platforming glorified achievement posts where they pat themselves on the back and act like they are doing the community a favor by extorting hosts not to leak their customer's data.

    Thanked by (2)webcraft FrankZ

    Head Janitor @ LES • AboutRulesSupport

  • @Mason said:

    @chris said:

    @Mason said:
    @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.

    For balance, They did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me :) I do hope you reconsider the decision personally just for those who may be at risk

    I'm fine with sharing of information and keeping track of which hosts have been hacked. What I'm not cool with is platforming glorified achievement posts where they pat themselves on the back and act like they are doing the community a favor by extorting hosts not to leak their customer's data.

    Yeah, totally get that! Completely agree tbh I suppose users can share info

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • @chris said: Scummy but I do understand the play

    But lying/downplaying something isn't worth it imo, the truth always comes out and then you look stupid.

  • @keklord said:

    @chris said: Scummy but I do understand the play

    But lying/downplaying something isn't worth it imo, the truth always comes out and then you look stupid.

    Absolutely, but it's not just this industry most will be clever with language for legal reasons

    ───────────────────────────────────
    🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
    💬 Join our community today and start your journey!
    ───────────────────────────────────

  • @chris said:

    @keklord said:

    @chris said: Scummy but I do understand the play

    But lying/downplaying something isn't worth it imo, the truth always comes out and then you look stupid.

    Absolutely, but it's not just this industry most will be clever with language for legal reasons

    Oh 100%, our society wouldn't survive if everyone was honest. Which is a shame and clearly shows we life in a doomed system build on lies.

    May I start a no bs business in 2024 and survive. :joy:

    Thanked by (1)bikegremlin
  • @FatGrizzly said: Please change your passwords, just checked the dump.

    This can help confirm if passwords were compromised.

  • FatGrizzlyFatGrizzly Hosting Provider

    @alexxgg said:

    @FatGrizzly said: Please change your passwords, just checked the dump.

    This can help confirm if passwords were compromised.

    No.

    Troy has denied adding cloudie's dump since the data is too small.

    Thanked by (1)Not_Oles
  • @FatGrizzly said: Troy has denied adding cloudie's dump since the data is too small.

    Yup: "there's a backlog of 7-figure breches to process"

  • I'm not sure why these "hackers" are trying to overstate their position and value, it's quite laughable. The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon. They also missed a good chunk of other issues staring them right in the face but I won't egg them on more than necessary.

  • @wdmg said:
    The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon.

    Which is?

  • FrankZFrankZ Moderator

    @dosai said:

    @wdmg said:
    The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon.

    Which is?

    Don't go there.

    I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • MikeAMikeA Hosting ProviderOG

    @FrankZ said:

    @dosai said:

    @wdmg said:
    The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon.

    Which is?

    Don't go there.

    I think he's just asking what company sells the addons/themes.

  • FrankZFrankZ Moderator

    @MikeA said:

    @FrankZ said:

    @dosai said:

    @wdmg said:
    The vulnerability they're using was very easy to find, and given the vendors history they won't be patching it any time soon.

    Which is?

    Don't go there.

    I think he's just asking what company sells the addons/themes.

    If I misread that, please carry on.

    I am currently traveling in mostly remote areas until sometime in April 2024. Consequently DM's sent to me will go unanswered during this time.
    For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add

  • so worst case scenario, if you uses their plugin you have to check your whmcs instalation?

    i never heard and/or uses that services though, best of luck for LES provider. you'll never be too careful

    Fuck this 24/7 internet spew of trivia and celebrity bullshit.

Sign In or Register to comment.