Anyone remember the Fasthosts Password compromise? I’ve just received an interesting email about it…
Today we have been made aware that a small number of our customers who did not change their passwords have experienced a compromise to their FTP space.
As a result, in order to totally protect all of our customers, we have today implemented an automatic password change for every control panel & FTP password that was not previously reset.
To ensure complete security when communicating your new passwords to you, we will take the stringent measure of sending the new control panel password via Royal Mail.
Please note that the email password reminder system will not work from the time you receive this mail, to the time you log in with your new control panel password.
Now, I’m one of the people that haven’t changed their passwords, but then I don’t use Fasthosts (or UKReg) any more so didn’t see an urgent need to do so. The card I’d used for them had also expired about 3 years ago anyway, which was another reason for my lack of concern.
I am, however, impressed with the fact that they are now sending me a new password out through the standard post even if I am concerned that I won’t have actually received it before I can now no longer log in.
Glad to see that they are taking measures to keep people safe though.
This entry was posted by Colin Ogilvie on Friday, November 30th, 2007 at 10:13 am and is tagged with and is posted in the category Tech News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a reply below. Pinging is currently not allowed.
Yup, unless they end up with the HMRC disks....
It also depends on what info they include on the letter with your password.
Don't jump for joy, until you see if they also include a reminder of your username along with your new password.
BUT.... if you are a fasthosts reseller like my company is, with loads of clients and potentially 100s of POP3 mail accounts, they have just caused one hell of a problem to deal with. Not only do I have to go through and change every POP3 password, I am likely to spend the next 2 weeks on the phone appeasing clients because they can't receive emails, talking clients through changing POP3 email clients and on the road visiting no end of sites.
The fact that this was done with no warning just shows once again they have no consideration for resellers.
The fact that they were compromised in the first place AND stored all their passwords in plain text was bad enough, now they are going to cost my company many 1000s pounds without any way to plan this change.
So it may appear fine and dandy for individuals, its a right PITA for us resellers!
OH.. and not forgetting the fact that they reset all the MySQL /MSSQL database passwords resulting in many 1000s of websites which are now unusable until the letters with the control panel passwords arrive so people can actually log-in and change the password to something they know.
I did change my password after the compromise and haven't received one of these emails.
Never be tempted to use Fasthosts.
They are rubbish in everything they do.
Whether it is just for one basic site, or like us a reseller with many, do not go near them.
They will be more trouble than they are worth, with slow servers, bad idiotic support and terrible attitude to customer retention. Don't do it
Here at Plusnet we're always trying to use clever open source things to make our lives easier. Sometimes we write our own and make other people's lives easier too!
We sell broadband, phone, VoIP and more to homes and businesses in the UK. Winner of 9 out of 11 Categories in the 2008 USwitch survey. Winner of "Best Consumer ISP" at 2008 ISPA awards. Voted number 1 in the Broadband Choices 2008 survey.
© Plusnet plc All Rights Reserved. E&OE
Community Site News is powered by WordPress
