Fasthosts tells customers to reset password after hacking fear
Friday 19 October 2007 01:52:06 by Sebastien Lahtinen

Internet Service Provider Fasthosts has sent customers an e-mail asking them to reset their passwords following an investigation into a major security breach affecting their customer database.

"We are writing to inform you that we have recently discovered evidence of a network intrusion involving a Fasthosts server. We have reason to believe that the intruder has gained access to our internal systems, and that this may have in turn given them access to your username and some service passwords."

Fasthosts e-mail to customers

The firm is asking customers to reset all passwords for their control panel and hosting services. They have not specifically mentioned broadband services in the e-mail we've seen, but users would certainly be well advised to change any passwords in any case.

More information is available at TheRegister.

Comments

Posted by irrelevant over 9 years ago
This also applies to UKReg customers (I got my email via them) and any customers of the large number of resellers of both brands.

Would it not have been better to actually reset the passwords themselves, then let customers use the standard 'forgot password' options to get the new one?
Posted by chrysalis over 9 years ago
I am wondering why an experienced and large ISP is storing passwords in plain text.
Posted by seb (staff member) over 9 years ago
Chrysalis - there are reasons to use plain text including where integration between multiple systems causes issues because they need replicating between systems where a single authentication system is not possible. Some legacy setups might be a reason.
Posted by c_j_ over 9 years ago
"where a single authentication system is not possible."

There are lots of things which are *possible* in software which often don't get done because companies/organisations often aren't motivated to implement them. Decent cross-platform authentication might be one of them.
Posted by AdamGz0r over 9 years ago
I didn't know operating systems and programming languages can no longer use simple basic encryption like MD5.

Absolutely despicable that such a large ISP is storing passwords in plain text. Now think of the amount of people that use the same password for everything and what doors the stolen data could open.
Posted by pete01 over 9 years ago
What a load of rubbish.

*sigh*