ColoCrossing Database Breach


ColoCrossing’s ColoCloud brand suffered a breach over the last 24 hours, resulting in emails to users (from both the hacker and CC), as well as a fast and furious thread on LowEndTalk.

The story is still coming together, as ColoCrossing is working on restoring services, but here’s what we’ve been able to piece together.

The breach is only on the ColoCloud side.  ColoCrossing’s massive dedicated server business is unaffected.  If you’re a customer, this means that if you’re logging in to the ‘portal’ side of the business, your systems are fine.  The breach is only on the ‘cloud’ side.  The WHMCS system is also unaffected.

This was caused by a Virtualizor bug.  While the dedicated server side runs on a proprietary management system, Virtualizor is used to administer the ColoCloud side of the business.  It’s likely that other providers are vulnerable as well.  As RackNerd’s Dustin Cisneros noted:

RackNerd is not affected by this breach, it’s worth noting that there have been several Virtualizor vulnerabilities floating around as of late (even affecting other providers here, some who haven’t even made statements) – one more recent one being Virtualizor’s support/live chat system being compromised.

This was an extortion play, and if you read the LowEndTalk thread you’ll see several posts by the hackers themselves, from accounts since banned by the mods.  The hackers claimed this was some kind of altruistic play to expose child pornography, but the reality is that they were asking for money.  (As a side note, in any large hosting environment, you’ll inevitably find some bad users.  Any CSAM on a client system is the fault of the subscriber, not CC, and would be a violation of CC’s terms of service.)

The hacker has emailed users, though inconsistently.  Not every ColoCloud user got the email.

ColoCloud has also emailed users:

[Image: ColoCloud Breach Email]

Fun fact: two years ago, during Memorial Day Weekend 2023, downtown Buffalo suffered its first power outage since WWII. The CC datacenter there ran on generator power for 30 hours but didn’t suffer any downtime.

One of the ColoCrossing admins has posted a message in the thread:

The ColoCloud team is working hard on this issue. Sincere apologies for those who are impacted. For the ColoCloud team it has been non stop work on this issue since yesterday.

Significant steps are being taken to disconnect the platform from the internet to allow time for us to work on this issue. If your virtual server is down currently it is likely because of this action.

Thank you for the patience and understanding on this. We are doing our best.
On a personal note today is my son’s one year birthday party. I am on my computer doing whatever I can to support the team. It is all hands on deck.

Be sure to keep hitting F5 on that thread as this story develops.
