recent work

ICO informed of billing system hack

A Leeds-based web hosting company has informed the Information Commissioner’s Office(ICO) that its systems have been ‘compromised by hackers’.

eUKhost Ltd posted an announcement on its website last Saturday morning (28th May 2012):

“Although the method of the compromise remains unclear, we can confirm that an administrator level login was compromised and an IP address added to an allow list to allow a successful login.”

“We are still investigating how this compromise occurred and we can’t currently see any evidence of a database dump. However, with our billing system compromised on any level, passwords stored within and not changed since signup can potentially be compromised.”

The hack itself occurred in February 2012, although eUKhost Ltd didn’t find out about the hack until last week, when the hacking group responsible posted a video confirming the activity on YouTube. UrduHack, a Pakistani hacking group, has been confirmed as responsible for the hack.

eUKhost Ltd said:
“The hacking group responsible is not the type to cause trouble with individuals… they are the kind of hackers that just want to prove they can do something. Their motive was not financial, and they were not interested in compromising our systems, they just wanted to prove they could do it.”

“We are… a bit guilty of not following our own advice that we give to our customers, so we are a little embarrassed that we have not practiced what we preached.”

eUKHost has now moved its billing system to a new server and changed the encryption algorithm. It would appear that payment details do not appear to have been compromised.