I would hope that was just a one time deal and he is not handing out the link to everyone who asks.
I do, everyone who reached out was a long time member that was most likely affected and wanted to check for himself.
I would consider passing around links to a hacked data base of customer information a black hat activity.
I would like to hear other members thoughts on this.
Yes, Absolutely. You can't justify it as checking for X once it's been confirmed. People should assume the data has been breached and act accordingly! Spreading it now is morally wrong imo
───────────────────────────────────
🌐 Blesta.club - Blesta Modules, Plugins, Gateways and more
💬 Join our community today and start your journey!
───────────────────────────────────
@chris said: I would consider passing around links to a hacked data base of customer information a black hat activity.
If we are talking of stolen user data (name, address, credit/debit card details, any personal info), sharing the stolen data just makes you an accomplice, it might be funny for some, but for those in the stolen data it is not.
We are not talking about ISO images and Box Office movies here or top 10 Pornhub stuff, we are talking about people's addresses, names and payment info. That passes morally wrong, and it is actually a felony in all modern countries. I do not know the US/CA laws, but in the EU, this is a thing that will get the initial hacker team in jail if caught.
Spreading the data makes you an "accomplice" on some level.
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
@chris said:
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
Yes, absolutely agree. Data protection should be taken more seriously here too. Protection means for me awareness on the one hand and measures when violating on the other hand.
Hacking happens, I can forgive a mistake learnt from but hearing these response times and lack of interest makes me want public floggings. There's thousands upon thousands of people around the world having their data shared around for some form of amusement. Disgusting.
Fortunately I'm yet to see a provider I use, so I'm hoping I don't have to take any action in terms of finding new providers anywhere.
@chris said:
I say a perma ban on the data being shared and links to the data,
Businesses that got hacked and didn't notify clients in a timely manner should get a perma ban from advertising here. With a note in their sig of how many days to inform.
Honestly, that's not even the worst part. It was a shame that cloudie tried to downplay the situation.
That's PR mitigation - I'd expect that to be honest! We all see through it but there was a huge window where users could have been informed. We don't know who's had that data and for how long in that time. Machines of clients could well be compromised by now. For me I'd be wiping everything and starting afresh. Finding out weeks later wouldn't be acceptable to me and that provider would be a distant memory to me.
To any other providers who get hacked after this - an email letting clients know of a reported breach should be your first port of call, with subsequent updates. I couldn't forgive anything longer than 24hrs during xmas period. 6 during normal working hours.
@whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.
@Mason said: @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.
For balance, they did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me. I do hope you reconsider the decision personally, just for those who may be at risk.
Maybe 12 for one man teams ofc. But yeah, that is the whole sucky thing about how Cloudie handled it, even calling it "PR mitigation" I would say it did more damage than coming clean right away since it was already known that the whole database was downloaded when I claimed it was only "unauthorized access".
For sure, it speaks to their character. Scummy but I do understand the play
@Mason said: @whmcssec has been banned. We weren't sure if it was actually them at first or just someone trolling. They have since posted here bragging about more hosts they've exploited and leaked the customer databases of. LES will not be a platform for this.
For balance, they did say they were going to be more responsible about the data going forward! Whilst I agree with your decision based upon past disclosures - I'd argue it's less dangerous now and probably helpful to the community to be ahead of the curve in securing things! I'd allow the disclosures personally with strict rules if it were me. I do hope you reconsider the decision personally, just for those who may be at risk.
I'm fine with sharing of information and keeping track of which hosts have been hacked. What I'm not cool with is platforming glorified achievement posts where they pat themselves on the back and act like they are doing the community a favor by extorting hosts not to leak their customer's data.
Yeah, totally get that! Completely agree tbh. I suppose users can share info.
Comments
They rudely deleted my ticket, chose to ignore me, and chose to hide it without notifying the customer.
@whmcssec you forgot my data in the cloudie leak
youtube.com/watch?v=k1BneeJTDcU
what?
lol! this reminds me of a case in which one user had forgotten his password and hoped to find his credentials in the leaked data!
But lying/downplaying something isn't worth it imo, the truth always comes out and then you look stupid.
Absolutely, but it's not just this industry, most will be clever with language for legal reasons.
Oh 100%, our society wouldn't survive if everyone was honest. Which is a shame and clearly shows we live in a doomed system built on lies.
May I start a no bs business in 2024 and survive.
This can help confirm if passwords were compromised.
No.
Troy has denied adding cloudie's dump since the data is too small.
Yup: "there's a backlog of 7-figure breaches to process"
I'm not sure why these "hackers" are trying to overstate their position and value, it's quite laughable. The vulnerability they're using was very easy to find, and given the vendor's history they won't be patching it any time soon. They also missed a good chunk of other issues staring them right in the face but I won't egg them on more than necessary.
Which is?
Don't go there.
For staff assistance or support issues please use the helpdesk ticket system at https://support.lowendspirit.com/index.php?a=add
I think he's just asking what company sells the addons/themes.
ExtraVM
If I misread that, please carry on.
So worst case scenario, if you use their plugin you have to check your WHMCS installation?
I never heard of and/or used those services though, best of luck for LES providers. You can never be too careful.
Fuck this 24/7 internet spew of trivia and celebrity bullshit.