WordPress.com’s Dedicated Web Hosting Provider LayeredTech User Accounts Compromised
By Angsuman Chakraborty, Gaea News Network
Wednesday, September 19, 2007
Automattic hosts WordPress.com using dedicated servers from LayeredTech. According to Todd Abrams, President & COO of Layered Technologies:
“The Layered Technologies support database was a target of malicious activity on the evening of 9/17/2007 that may have involved the illegal downloading of information such as names, addresses, phone numbers, email addresses and server login details for 5 to 6,000 of our clients.”
“Due to the significant amount of uncertainty in determining which accounts may have been impacted, Layered Technologies felt that it was in your best interest to take the precautionary steps of reaching out to you and all clients regarding this issue. In addition, we are asking all of our clients to change the login credentials for all host details they have submitted in the past 2 years. This includes any login credentials for the following: Cerberus, Modernbill, Encompass, and all servers you own and operate with LT, all services that may have submitted passwords in the past for such as Webmail, Remote Desktop, SSH, MySQL, cPanel WHM, FTP Backup storage or similar services. Please utilize the ‘reset password’ features on all of our tools to reset and send a new random password. Any LT customers needing assistance with resetting passwords should contact our technical support team via our ticketing system for methods for how we can assist with resetting them and not providing the updated passwords in the tickets.”
I cannot imagine the impact on big clients like Automattic, which has hundreds of servers from LayeredTech. I too use one of the servers from LayeredTech and just finished changing my passwords. Imagine the effort for Matt & Co. Don’t be surprised if your wordpress.com accounts are compromised too. If hackers have root access to WordPress.com servers, which they will have as root access is required to be provided for many support requests, then they are free to change all your account details, delete them or post on your behalf. So in summary there is a full possibility of major disruption of service. Looking forward to hearing from Matt & Co. about the impact on WordPress.com.
I think LayeredTech handled user accounts negligently in the first place. This is inexcusable. LayeredTech have opened the floodgates on us for spam and, more probably, much more. At least I didn’t have my credit card details with them.