Greenvaluehost hacked, customer details exposed to public including customer photo IDs

Discussion in 'Industry News' started by drmike, Dec 24, 2014.

  1. drmike

    drmike 100% Tier-1 Gogent

    Doing this purely as a public service announcement so anyone who has bought from Greenvaluehost (GVH) prior is aware.

    This is taken from Lowendtalk by @kcaj: http://lowendtalk.com/discussion/39469/let-pm-spam-from-gvh/p3

    The hack / exposure happened in the past few days.

    I haven't seen the file dumped to say what is and isn't in there.

    Beware if you are a Greenvaluehost customer.
     
    k0nsl and GIANT_CRAB like this.
  2. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    Yeah, this has been known (sort of) for a day or two I believe. Unsure if any vpsB members have any services with them, though. Still good to get it out there though regardless.

    Isn't this the 3rd time? GVH said in the past he 'looks up' to Chris Fabozzi from ChicagoVPS, so I guess he's doing a good job following in his footsteps. Service quality and security policies appear to be on par with each other and lack of notifying impacted customers is the same.

    Anyhow, if you're a GVH customer... may god have mercy on your soul.
     
    Last edited by a moderator: Dec 24, 2014
    drmike likes this.
  3. Steven F

    Steven F New Member Verified Provider

    Last edited by a moderator: Dec 24, 2014
    MannDude likes this.
  4. DomainBop

    DomainBop Dormant VPSB Pathogen

    The 3rd time that customers have had their data publicly exposed to unknown individuals, but when you consider that this is a company that hires poorly vetted questionable characters from Skype/chat rooms/Romper Room, and gives them access to customer info, and that this is also a company who has admitted vzctl'ing into its customers' VPS's and running ls commands, then in reality the customers have probably had both their data and their personal info fall into the wrong hands countless times.

    edited to add: the same data breach notification rules I raked Fabozo over the coals for not following also apply to GVH.  Besides notifying payment processors, the crew at GVH also should probably familiarize themselves with the different data breach notification laws that states have enacted (FYI, it is usually the customer's state of residence, not the company's state of incorporation, that determines which state's laws the customer can seek relief under)

    edited again, forgot the link: http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx
     
    Last edited by a moderator: Dec 24, 2014
    k0nsl and MannDude like this.
  5. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    True. But they'll continue to earn business from 3rd worlders who don't speak or read English well who only know how to convert USD to their local currency to see that the price is very cheap, and since that is all they can afford, they'll continue to give GVH business regardless if they're down for 50% of the time like BlueVM or get hacked and breached every week.

    It's actually very interesting, and it almost makes you want to start a social experiment where you start something up and purposely make it an awful experience for those using it to try to understand their mentality and reason for sticking with it. Is it a hope that it will get better? Is it literally all they can afford? What is it?
     
  6. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    https://secure.greenvaluehost.com/announcements.php?id=30

    Quoting it here as it will surely disappear in the future as past announcements have.
     
    DomainBop likes this.
  7. DomainBop

    DomainBop Dormant VPSB Pathogen

    Posting the data breach notice is a positive and if he follows through with notifying the people whose data was compromised it will be another positive.  It's certainly better than the providers we've seen whose entire customer database was posted online and never notified customers.

    Please do not call the person who was responsible for creating a .tar.gz containing customer info in a public directory a "technician". :)
     
    Last edited by a moderator: Dec 24, 2014
  8. aggressivenetworks

    aggressivenetworks New Member

    I would call them a DUMBASS or FIRED!
     
  9. drmike

    drmike 100% Tier-1 Gogent

    I've seen the data dump.

    In there are what I suspect are all customer attachments to tickets.  Graphics.

    There are many identification document scans in the files.  There are several credit cards also.

    Lots of screencaps of management system fails. Same problems over and over.

    No database.
     
  10. Munzy

    Munzy Active Member

    Does it include a configuration file?
     
  11. Aldryic C'boas

    Aldryic C'boas The Pony

    You're on the wrong forum to be looking to try and reuse a leaked SQL password.

    Their excuses are absolutely hilarious. "Loophole", "cloud".. had a good laughing fit over that line of BS.
     
    Geek and HalfEatenPie like this.
  12. KuJoe

    KuJoe Well-Known Member Verified Provider

    On the bright side, this serves as a good lesson for other hosts who don't even think twice about the attachments directory in WHMCS. We have ours locked down and inaccessible to the outside world but I realized after reading this thread there's no need for me to keep files on the server after the ticket is closed.
     
    Nick_A likes this.
  13. Aldryic C'boas

    Aldryic C'boas The Pony

    I don't allow attachments, period.  Let's just say there's a hefty chance of it being less than safe.
     
  14. DomainBop

    DomainBop Dormant VPSB Pathogen

    It should also serve as a good lesson for other hosts on how not to store personal identification documents that customers submit during the verification process.

    Repost of what I just posted on WHT:  Copies of passport/photo ID/utility bills and other documents that customers submit should be destroyed soon after verification is performed, and while the documents are awaiting verification they should never under any circumstances be stored unencrypted online as attachments in something like WHMCS.
     
    drmike likes this.
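
    Added example (editor's illustration, not part of any post above and not WHMCS code): an audit for the two failures discussed in this thread, a backup archive left inside a web-served directory and ticket attachments kept after the ticket is closed. The paths, the `<ticket_id>_<name>` file naming and the `closed_at` mapping are assumptions made for the example.

```python
import os
import tempfile
import time
from pathlib import Path

# Suffixes that usually mean a backup or dump rather than site content.
ARCHIVE_SUFFIXES = (".tar.gz", ".tgz", ".tar", ".zip", ".7z", ".sql", ".sql.gz", ".bak")
DAY = 86400

def find_exposed_archives(web_root):
    """Relative paths of archive/dump files anywhere under a web-served tree."""
    root = Path(web_root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.name.lower().endswith(ARCHIVE_SUFFIXES))

def purge_closed_ticket_files(attach_dir, closed_at, keep_days, now=None):
    """Delete attachments whose ticket closed more than keep_days ago.

    Assumed layout: files are named "<ticket_id>_<original name>" and
    closed_at maps ticket_id -> close time (epoch seconds) from the helpdesk DB.
    Files of open or unknown tickets are left alone.
    """
    now = time.time() if now is None else now
    removed = []
    for path in sorted(Path(attach_dir).iterdir()):
        closed = closed_at.get(path.name.split("_", 1)[0])
        if path.is_file() and closed is not None and now - closed > keep_days * DAY:
            path.unlink()
            removed.append(path.name)
    return removed

def demo():
    """Run both checks on a constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        web = Path(tmp, "public_html")                # hypothetical document root
        attach = Path(tmp, "private", "attachments")  # kept outside the web root
        (web / "billing").mkdir(parents=True)
        attach.mkdir(parents=True)
        for rel in ("index.php", "billing/tickets-backup.tar.gz", "billing/logo.png"):
            (web / rel).write_bytes(b"constructed sample")
        for name in ("1001_passport.jpg", "1002_screenshot.png", "1003_id.png"):
            (attach / name).write_bytes(b"constructed sample")
        now = 1_700_000_000
        closed_at = {"1001": now - 10 * DAY, "1002": now - 1 * DAY}  # 1003 still open
        exposed = find_exposed_archives(web)
        removed = purge_closed_ticket_files(attach, closed_at, keep_days=7, now=now)
        return exposed, removed, sorted(os.listdir(attach))

if __name__ == "__main__":
    print(demo())
```

    Plain deletion does not scrub the underlying storage or existing backups, so retention of those copies has to be handled separately.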
  15. drmike

    drmike 100% Tier-1 Gogent

    What is the filename of such and directory if you know it?

    WHMCS should know better and be dealing with this better.  Prudent to crypt things like that.  It's general purpose dumping use.

    I won't harp, but no way WHMCS can be certified in any way I'd think...
     
  16. aggressivenetworks

    aggressivenetworks New Member

    Well they have to contact the people affected by that tar.gz floating around in accordance with their own state laws. The law is called the Personal Information Protection Act, 815 ILCS 530/, which explains it all.
     
    drmike and Geek like this.
  17. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    Because of just how difficult it would be to go through and cross reference IDs to accounts, wouldn't it be better just to inform everyone? Jonny says he'll inform those impacted. He seems like the type that won't follow through.

    Since the data was made public through GVH's wrongdoings, perhaps someone will ethically use the data contained to contact each individual it impacted individually. I'm almost willing to bet most will not / have not been contacted by GVH and would be surprised to learn that their identities have been made very easy to be stolen. Someone should do the right thing, and as a 3rd party attempt to contact those who have been impacted using their leaked personal details to contact them.

    Just my $0.02.
     
  18. KuJoe

    KuJoe Well-Known Member Verified Provider

    @MannDude similar to how people take DB dumps and create a website for people to search if their information was stolen?

    On that note, does anybody remember the name of that password keeping software company that e-mailed everybody who used their software and had an entry associated with a website that was hacked and the DB was dumped? There was a thread on LET and people were PISSED that a 3rd party contacted them about their username and passwords being posted online by the hackers. They weren't pissed at the hackers or the company that got hacked, they were pissed at the 3rd party for contacting them.
     
    lbft likes this.
  19. MannDude

    MannDude Just a dude vpsBoard Founder Moderator

    I think you're thinking of LastPass and one of the several ChicagoVPS hacks.
     
  20. KuJoe

    KuJoe Well-Known Member Verified Provider

    I did find that thread but I thought there was another one when one of the big companies like Adobe got hacked. Basically it was a bunch of people complaining that the 3rd party was violating their privacy and I remember replying that they were all morons for attacking the wrong people.
     
    Last edited by a moderator: Dec 25, 2014