Fasthosts Password Compromise

‎30-11-2007

Anyone remember the Fasthosts Password compromise? I've just received an interesting email about it...

Today we have been made aware that a small number of our customers who did not change their passwords have experienced a compromise to their FTP space. As a result, in order to totally protect all of our customers, we have today implemented an automatic password change for every control panel & FTP password that was not previously reset. To ensure complete security when communicating your new passwords to you, we will take the stringent measure of sending the new control panel password via Royal Mail. Please note that the email password reminder system will not work from the time you receive this mail, to the time you log in with your new control panel password.

Now, I'm one of the people that haven't changed their passwords, but then I don't use Fasthosts (or UKReg) any more so didn't see an urgent need to do so. The card I'd used for them had also expired about 3 years ago anyway, which was another reason for my lack of concern. I am, however, impressed with the fact that they are now sending me a new password out through the standard post even if I am concerned that I won't have actually received it before I can now no longer log in. Glad to see that they are taking measures to keep people safe though.

James_H · ‎30-11-2007

Yup, unless they end up with the HMRC disks.... It also depends on what info they include on the letter with your password. Don't jump for joy, until you see if they also include a reminder of your username along with your new password.

Peter_Vaughan · ‎02-12-2007

BUT.... if you are a fasthosts reseller like my company is, with loads of clients and potentially 100s of POP3 mail accounts, they have just caused one hell of a problem to deal with. Not only do I have to go through and change every POP3 password, I am likely to spend the next 2 weeks on the phone appeasing clients because they can't receive emails, talking clients through changing POP3 email clients and on the road visiting no end of sites. The fact that this was done with no warning just shows once again they have no consideration for resellers. The fact that they were compromised in the first place AND stored all their passwords in plain text was bad enough, now they are going to cost my company many 1000s pounds without any way to plan this change. So it may appear fine and dandy for individuals, its a right PITA for us resellers!

Peter_Vaughan · ‎02-12-2007

OH.. and not forgetting the fact that they reset all the MySQL /MSSQL database passwords resulting in many 1000s of websites which are now unusable until the letters with the control panel passwords arrive so people can actually log-in and change the password to something they know.

bobpullen1 · ‎02-01-2008

I did change my password after the compromise and haven't received one of these emails.

Mark4 · ‎26-06-2008

Never be tempted to use Fasthosts. They are rubbish in everything they do. Whether it is just for one basic site, or like us a reseller with many, do not go near them. They will be more trouble than they are worth, with slow servers, bad idiotic support and terrible attitude to customer retention. Don't do it