One of the largest hosting companies in Germany, DomainFactory, has been penetrated by hackers. The hosting company, owned by GoDaddy since 2016, reported that the data breach happened around late January 2018, but the company found out about the incident just last week, July 3rd, after the alleged Hacker began sharing bits of the stolen information on their DomainFactory Forum.
The Hacker advertised a post on the main DomainFactory Forums page on July 3rd and it was there that the claim was made and the sensitive information was shared. According to a German media outlet called the Heise, the hackers were able to access the company’s customer databases and it was where the breach was detected. Both the Heise and some of the affected users were able to confirm that the information was legitimate.
According to the the Heise, the hacker exploited a variant of the Dirty Cow flaw to breach into the systems. The hacker also claims to be from Austria and also created a Twitter account called “@NaHabedere”. It was there where he told Heise that the reason for his attack was because he wanted to obtain information about a person who owes him a lot of money. It was when the company failed to notify the customer that he decided to disclose the hack. According to reports, the hacker apparently has no plans on sharing or selling any of the information he just obtained.
As of this moment, the breach is still being investigated. According to the company, the hacker was able to breach their systems and ultimately gained access to sensitive information:
- Company Names
- Customer names and account numbers
- Account IDs
- Customers’ Home addresses
- Telephone numbers
- Phone passwords
- Banks names and statements
- German credit scores
That’s a whole bunch of sensitive information. This is a gold mine for any hacker that can be used for targeted social engineering attacks against the company’s customers. This information can also be used for identity theft and bank fraud.
DomainFactory customers have been notified that their compromised data might be used for fraud and other malicious attacks. They have been given instructions to immediately change their passwords, phone data, FTP, MySQL and their respective Email accounts. Their online forum has been shut down and users have been advised to carefully monitor their bank statements and other sensitive information and report any irregularities to the proper authorities.
