Peter’s Blog

Not too long ago Layered Technologies were hacked. Unfortunately it looks like it is contagious as now Fasthosts (1 of UK’s biggest hosts) has called in the police.

Fasthosts claim that as a precautionary measure all username and passwords would be changed immediately. This includes control panel, ftp, email and database (don’t forget to change your scripts to reflect this as well) .

When asked why they did not encrypt usernames and passwords instead of storing them in plain text they claim and I quote:-

“Historically, Internet companies have rarely encrypted passwords to aid customer service.”

This is a ridiculous stance to hold. Any personal data (and of curse login details) should be encrypted. Encryption of course be undone as long as you know how it was encrypted. Their support department should have a tool that can un-encrypt the data (source).

Hopefully data centers will learn from the recent breaches, but I am not holding my breath.

EDIT After posting this I also found a more recent report on the register stating that their is a possibility of banking details also being stolen.

This entry was posted on Friday, October 19th, 2007 at 2:59 pm and is filed under Domaining, General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.