German web hosting firm DomainFactory suffers data breach

DomainFactory, one of the largest web hosting companies in Germany, has suffered a data breach.

The breach dates back to January 29, 2018, and the attacker had access to the following data: customer name, company name, customer number, address, email address, telephone number, DomainFactory phone password, date of birth, bank name and account number, and Schufa score (German credit score).

About the DomainFactory data breach

The first indication that a breach happened was a post by the attacker on the DomainFactory support forum on July 3 (last Tuesday).

The forum has since been temporarily shut down but, according to Heise Online (in German), the attacker published data of a number of customers as proof.

The attacker also said he hacked the hosting provider to obtain the data of a person who apparently owes him a large amount of money. But after he realized that DomainFactory was not disclosing the breach to its customers, he took the task upon himself.

DomainFactory finally confirmed (in German) the breach on Friday and said they have started an investigation, called in external experts to help with it, notified the relevant data protection authority, and are working on securing their systems to prevent a similar breach in the future.

The company said that the attacker accessed the data after “a data feed after a system change inadvertently made certain customer information accessible to outside parties.”

What should customers do?

They are advising customers to change all of their passwords – customer, telephone, email, FTP/LiveDisk, SSH, MySQL passwords – and to monitor their bank statements. The compromised data can be used for identity theft and to create direct debits on customers’ bank accounts, they warned.

It can also be used for targeted social engineering attacks against the customers.

According to Heise, though, the hacker does not give the impression that he wants to sell the captured data or put it online. He apparently just published some to prove that he had really broken into the company’s systems.

He also claims that he accessed the company’s internal network after taking over control of a shared server that’s hosting the website of the DomainFactory customer who owes him money.