amuck-landowner

I guess DamnVPS/ThrustVPS got hacked

NodeKid

New Member
Got this little gem this morning (haven't been a customer in a very long time); obviously the return address is NOT Damn/Thrust but watch out!


This is a notification to let you know that we need to verify for reduce fraud.

 

 We want your data as soon as possible.

 

 The data that we need is as follows:

 

 Server Username (Included)

 

 Server Password (Included) 

 

 Full Name (Included) 

 

 Address (Included) 

 

 City (Included) 

 

 State (Included) 

 

 ZIP (Included) 

 

 Phone Number (For Call To Verify) 

 

 Country (Included) 

 

 Paypal Email(If Order With Paypal) 

 

 Paypal Password (If Order With Paypal) 

 

 Credit Card Information (If Order With Credit Card) 

 

 Scan Of Credit Card Front And Back (If Order With Credit Card)

 

 Data is sent to Email : [email protected]

 

 http://damnvps.com - Damn::VPS - We give a damn
 
Last edited by a moderator:

MannDude

Just a dude
vpsBoard Founder
Moderator
Yeah that's a pretty obvious scam email. I hope no one falls for it. I suspect you've already reached out to DamnVPS and let them know? Have they returned a statement?

Crazy stuff.
 

NodeKid

New Member
I flagged it as soon as I read the badly worded first sentence.

Yes, it's pretty obvious but perhaps not to all which is why I posted. I cross posted this to LET but go the usual smart arse attitude completely missing the point that the reason scams work is because some people are vulnerable. Whatever.

Yeah I pinged them but no reply, not going to waste any time on it since I'm no longer a customer.
 

Epidrive

New Member
Verified Provider
So really, whos so stupid to fall for that
 
Last edited by a moderator:

NickM

New Member
Verified Provider
I'm a former customer, and haven't gotten the email, so I don't think it was a database leak.  Unless they just haven't gotten to me yet, or it just got completely rejected.
 

sv01

Slow but sure
I'm a former customer, and haven't gotten the email, so I don't think it was a database leak.  Unless they just haven't gotten to me yet, or it just got completely rejected.
I'm a former customer too, and I got these email but with different email :


Data is sent to Email : [email protected]
Thanks in advance for your patience and support.
http://damnvps.com - Damn::VPS - We give a damn
IP Sender match with rDNS


Received: from server.damnvps.com ([87.117.244.16]:47085)
    by xxxxxx with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.82)
    (envelope-from <[email protected]>)
    id 1W4Ma2-0004Xl-5o
Code:
server.damnvps.com has address 87.117.244.16 
16.244.117.87.in-addr.arpa domain name pointer server.damnvps.com.
inetnum:        87.117.244.0 - 87.117.244.31
netname:        ThrustVPS_HH
descr:          Thrust::VPS
Last time I got email from them about Urgent Maintenance on 2012-12-20 17:13


using same IP


Received: from server.damnvps.com ([87.117.244.16]:41958)
    by xxxxxx with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.80)
    (envelope-from <[email protected]>)
    id 1Tld8X-0006D0-0m
    for xxxxxxxxx; Thu, 20 Dec 2012 17:13:58 +0700
maybe someone send phising email using their mail server
 

danmactough

New Member
Got the phishing email yesterday. Woke up this morning to find that my OS had been reinstalled. 

F*cker's IP was logged as 67.213.218.73
 

raindog308

vpsBoard Premium Member
Moderator
Their site is still offline - guess they're gone - ?

Not that I really care.  I thought their service was garbage when I tried it.
 

Francisco

Company Lube
Verified Provider
Dear (customer name)

Further to our email earlier regarding the phishing email that was sent out - it turns out it had came from our server - upon further investigation the attacker had managed to gain access to the whmcs installation and upload his own files namely a php shell and a mailer script.

These have now been removed and the server has been secured - We are also looking to introuduce extra security to make sure we have no further repeat of issues you have experienced over the weekend.

As a precaution can we ask our clients to login and update there password as soon as possible. We do not store any credit card information on our systems so this will not have been compromised or effected in any way.

We would also advise you to update your password on any sites that may have shared the password you use with us.

If you are having issues with your account can I ask you raise a ticket to [email protected] via your registered email address to allow us to assist you quickly.

Our apologies for any inconvenience this has caused and please let us know if there is anything we can assist with during this time.

Kind Regards,

ThrustVPS Admin Team
@Jack - What are the data breach laws like in the UK? I'm wondering if IOMART has already gone to the authorities over it.

Francisco
 
Top
amuck-landowner