In a recent advisory, cPanel acknowledged that a support department server had been compromised, potentially exposing users’ passwords.
“The advisory came in the form of an e-mail alert that was posted on a WHMCS forum,” writes Threatpost’s Brian Donohue. “It was sent only to customers that had opened service-request tickets with cPanel’s support staff in the last six months. Other members of the forum reported receiving the same email. The hosting provider urges the recipients of the email alert to change their root level passwords if they have not been using SSH keys and to change their account passwords if they are using unprivileged accounts with ‘sudo’ or ‘su’ for root logins.”
“As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers,” the e-mail states. “cPanel’s security team is continuing to investigate the nature of this security issue.”
“Company representatives didn’t respond to an e-mail from Ars asking if they could rule out the possibility that customer names, e-mail addresses, or other personal data were exposed,” writes Ars Technica’s Dan Goodin. “It’s also unclear whether the company followed wide-standing recommendations to cryptographically protect passwords.”
“The cPanel product is very popular and used by hosts like BlueHost, HostGator, InMotion and many others,” notes Sucuri COO Tony Perez. “They in turn service hundreds of thousands of Web site owners. While the scale of the compromise is unknown, an attacker targeting an environment like this is surely interested in one thing — data.”