WordPress.com’s Dedicated Web Hosting Provider LayeredTech User Accounts Compromised
By Angsuman Chakraborty, Gaea News NetworkWednesday, September 19, 2007
Automattic hosts WordPress.com using dedicated servers from LayeredTech. According to Todd Abrams, President & COO of Layered Technologies:
“The Layered Technologies support database was a target of malicious activity on the evening of 9/17/2007 that may have involved the illegal downloading of information such as names, addresses, phone numbers, email addresses and server login details for 5 to 6,000 of our clients.”
“Due to the significant amount of uncertainty in determining which accounts may have been impacted, Layered Technologies felt that it was in your best interest to take the precautionary steps of reaching out to you and all clients regarding this issue. In addition, we are asking all of our clients to change the login credentials for all host details they have submitted in the past 2 years. This includes any login credentials for the following: Cerberus, Modernbill, Encompass, and all servers you own and operate with LT, all services that may have submitted passwords in the past for such as Webmail, Remote Desktop, SSH, MySQL, cPanel WHM, FTP Backup storage or similar services. Please utilize the ‘reset password’ features on all of our tools to reset and send a new random password. Any LT customers needing assistance with resetting passwords should contact our technical support team via our ticketing system for methods for how we can assist with resetting them and not providing the updated passwords in the tickets.”
I cannot imagine the impact on big clients like Automattic, which has hundreds of servers from LayeredTech. I too use one of the servers from LayeredTech and just finished changing my passwords. Imagine the effort for Matt & Co. Don’t be surprised if your wordpress.com accounts are compromised too. If hackers have root access to WordPress.com servers, which they will have as root access is required to be provided for many support requests, then they are free to change all your account details, delete them or post on your behalf. So in summary there is a full possibility of major disruption of service. Looking forward to hear from Matt & Co. about the impact on WordPress.com.
I think LayeredTech handled user accounts negligently in the first place. This is inexcusable. LayeredTech have opened on us the floodgates for spam and more probably much more. At least I didn’t have my credit card details with them.
Tags: LayeredTech, support
 betabug |
December 24, 2007: 6:33 am
Maybe you guys should look at information like this in respect to LayeredTech: https://spamhuntress.com/2006/10/14/massive-spam-campaign/ A lot of people have all traffic from LT IPs banned on their servers. |
|
September 19, 2007: 6:12 am
Thanks for the update. It is a relief. I hope not. However I am sure they will have much better service for a big customer like Automattic Their home-brewed user interface did look much flimsy to me than other dedicated service providers say like EasySpeedy for example. While that doesn’t really indicate their underlying security code in-place, unless we get more details, I suspect it was breached from the UI. BTW: Nice idea about dis-allowing password logins. I thought about it too but didn’t get around to implement it. Now I will. |
|
September 19, 2007: 1:53 am
None of our servers allow password logins, so there was no immediate threat, however we did take the opportunity to review our systems and security. Despite this horrible problem, LT has still been a great long-term partner for us and I would be surprised if something like this happened again. |
Field Turf