#Risk# Hosterlabs official website compromised: Data Breach Notification

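At 00:50 on June 24, 2021, the webmaster of this site received an email from Hosterlabs warning that a data breach had occurred and asking customers to change their passwords promptly. The full text of the email follows: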

Notice of Data Breach

We are writing to you because of an incident involving access to information associated with online purchases made on our website www.hosterlabs.net. Although we are unaware of any actual misuse of your information, we are providing notice to you and other potentially affected customers about the incident, and about tools you can use to protect yourself against possible identity theft or fraud.

What Happened?

We discovered on June 22, 2021 that our website www.hosterlabs.net experienced an intrusion on June 21, 2021. The intruder or intruders placed malware on our servers, and by doing so gained access to our customers’ data. To date, the investigation indicates that the intrusion began around the 21st of June ca. 9 AM.

At first we noticed our website hosterlabs.net/panel/ was offline and not working. Further investigation seemed to reveal a problem with the databases; we thought they were corrupted. After further investigation we found messages from “hackers” threatening to make the information on the databases public or sell it, and they asked us for money in exchange for returning the information to us, because it was deleted. We do have backups that we do on a daily basis and as such we decided not to pay any ransom. We have disaster plans and prevention on all servers and platforms. We have had false alarms of hackings in the past, hence all our systems are extremely secured but unfortunately there is nothing that cannot be hacked. The hack came through our WordPress main site hosterlabs.net/ where hackers possibly injected viruses through a vulnerability within one or more plugins we have. These vulnerabilities have been fully isolated and fixed. For now security is really tight but we will add further security in the upcoming days as well as changing how our systems are designed internally.

What information was included?

Name, Last Name, E-mail, Address and personally identifiable information. Passwords were most likely not stolen; nevertheless, please change your passwords for your VPS/Hosting accounts and your control panel account. No credit card information was stolen, and no intrusion into any other systems took place. Please make sure to change your password in all of our services.

Is the breach fixed?

Yes, we have tracked the malware and it has been completely removed from our sites.

What did you do to increase your security?

We have added further firewalls and active monitoring, and we are working as of now with law enforcement to track the perpetrators of the crime. We have notified the FBI and we expect to do forensics on our servers, for which we have backed up all logs and accesses.

What kind of security do you have / how do we know our information was protected?

Your information was protected to the best of our abilities as we have experience aiding and making sure other people’s servers are secure. We have seen/traced/removed similar hackings from customers. Most of our servers are unreachable outside our working spaces and require special authentications. This breach was just exploiting a plugin we had on our WordPress site. We will revise all our security policies and keep you updated.

We are really sorry about the situation and we will keep you posted at status.hosterlabs.net.

Best Regards,

Hosterlabs Team