Washington, June 10: An English website hosting company may have lost the data for over 100,000 websites after hackers exploited a security vulnerability in software used to provide customers with hosting facilities.
According to Rus Foster, the company’s director, hackers managed to gain access to the root level of a key piece of software the company uses to provide its low-cost virtual website solutions.
“We were hit by a zero-day exploit” in HyperVM, a virtualization application made by LXLabs in Bangalore, India.
Foster said he’s been unable to reach anyone at LXLabs to discuss the suspected vulnerability, but data for about half of the websites hosted on Vaserv was destroyed all at once sometime Sunday evening.
Foster said about 50 percent of Vaserv’s customers used an unmanaged service, which doesn’t include data backup. As a result, at least half the websites that were hosted on the site remain offline.
Daniel Voyce, a web developer for Nu Order Webs, said, given the high level of server access they [the hackers] gained, [they] were likely able to intercept a wealth of sensitive data stored on Vaserv’s servers.
After 48-hours of frantic recovery attempts, Vaserv reported in a posting on its website that at least 24 virtual servers had suffered total data loss, as too had at least nine out of 33 nodes.
The company said it would provide customers who lost data with a new virtual private server on a new platform and provide two months free hosting as compensation.
Foster said it would depend on each customer whether they had their own backups of their websites, but he suspected many may have lost all of their internet presence.
So far no one is known to have claimed responsibility for the attack, which Foster said was, “a deliberate attack on our infrastructure.”