Fwd: [ISN] The Planet Warns of Security Breach

["Paul Ferguson" <fergdawgster () gmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FYI.

- - ferg


- ---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>
Date: Mon, Oct 20, 2008 at 12:15 AM
Subject: [ISN] The Planet Warns of Security Breach
To: isn () infosecnews org


http://www.thewhir.com/marketwatch/101708_The_Planet_Warns_of_Security_Brea
ch.cfm

By Liam Eagle
theWHIR.com
October 17, 2008

(WEB HOST INDUSTRY REVIEW) -- Dedicated and managed hosting provider The
Planet (www.theplanet.com) issued a notice to customers Thursday,
informing them of a security breach the company had detected, and
recommending certain steps customers could take to protect their
accounts from further compromise.

"In the course of the last two days, our Computer Security Incident
Response Center team has identified suspicious activity in our customer
management portal," said the email sent to customers. "We have
identified what appears to be a security breach that may have affected
your customer portal account and server passwords. We have identified
the methods by which the systems were compromised and have closed those
holes.  In addition to those actions, we will be implementing additional
security measures to further strengthen the infrastructure and systems."

In a phone interview with the WHIR Friday, The Planet's vice president
of technology Will Charnock said the breach is believed to be the result
of a compromised employee account - something the company has never
encountered in the past. According to the security investigation up to
this point, only two user accounts were definitely affected, and no
credit card information is believed to have been compromised.

The company says it moved quickly to repair the breach and contacted all
of its approximately 25,000 customers to advise them to take a few "best
practices" type precautions in the interest of remaining as secure as
possible: changing logins and passwords for Orbit (The Planet's customer
portal) immediately, and every 60 days following; doing the same with
server passwords; being alert to suspicious activity on accounts; and
retaining access logs and contacting the company if suspicious activity
is suspected.

[...]

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFI/Hyoq1pz9mNUZTMRAiZBAKCWmRS/o/SH5dHij22oOi++hwHm+gCgmrTx
d79YyCKeS2ioKdkfjbUr7fI=
=GzH3
-----END PGP SIGNATURE-----


-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.