This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

European web hosting company reports breach

Share this article:
Check Point introduces new OS and collaborative ThreatCloud
Check Point introduces new OS and collaborative ThreatCloud

Web hosting company OVH has admitted it suffered a security breach last week.

In an update, the French company said that its internal network at its offices in Roubaix had been compromised and after internal investigations, it discovered that a hacker was able to obtain access to an email account of one of its system administrators.

It said: “With this email access, they [were] able to gain access to the internal VPN of another employee. Then with this VPN access, they were able to compromise the access of one of the system administrators who handles the internal back office.”

After discovering this, it has assumed that the attacker aimed to discover the database of its European customers, and gain access to the installation server system in Canada. It confirmed that the European database includes names, addresses, telephone and fax numbers and encrypted passwords, which are salted and based on SHA-512.

It said: “In the coming months the back office will be under PCI-DSS which will allow us to ensure that the incident related to a specific hack on specific individuals will have no impact on our databases. In short, we were not paranoid enough so now we're switching to a higher level of paranoia.

“The aim is to guarantee and protect your data in the case of industrial espionage that would target people working at OVH. Please accept our sincere apologies for this incident.”

John Worrall, chief marketing officer at Cyber-Ark, said: “This breach is yet another example of why the theft and exploitation of privileged accounts is a critical and devastating part of the advanced threat attack cycle. In this case, the details of how the perimeter was breached have yet to be divulged, however, this is arguably a secondary concern.

“Businesses now have to assume that attackers are already on the inside. Indeed, the critical part of this attack, and what every organisation should take away from it, is the fact that the attacker specifically targeted the system administrator to gain their privileged access. Once successful, the attacker was effectively able to move from system to system undetected until they reached the information they were looking for.”

Sol Cates, chief security officer at Vormetric, said: “The incident paints a disturbing picture of what can happen when the access rights of someone already within the company walls are hijacked for a cyber criminal's own renegade purposes.

“This latest compromise shines a light on a fundamental flaw in our systems. Privileged users are a target because of their access to data, and systems. By taking over the access rights of someone already on the system, hackers are able to easily circumvent the traditional perimeter defences that would have once foiled their efforts, and gain access to the corporate network.

“Decisive action must be taken. It's time to limit what impact these accounts have within our walls, to reduce exposure to data, detect activity, while allowing them to continue to perform their expected functions.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.