CPanel says the company has managed to strike back against a cyberattack levied against servers containing customer data.
The popular Web hosting platform management tool provider, used by millions, offers the cPanel and WebHost Manager systems for both private and dedicated servers to manage the backend of Web domains.
An an online service with such reach, however, the platform is a target for attackers — and a recent data breach may have been foiled.
Last week, Director of Internal Development Aaron Stone said in a statement that one of the cPanel customer databases “may” have been breached. The executive said cPanel was able to “interrupt” the breach, and so it is not known whether customer data was exposed.
The information in question stored in the database included names and contact information and passwords. However, luckily for users, the passwords were encrypted and salted, which makes it difficult for cyberattackers to crack and elicit this account data.
Credit card information was stored on a separate system and there is no evidence this data was exposed or stolen.
“Although current passwords are stored salted and encrypted, we are accelerating our move to stronger password encryption at the same time in order to minimize disruption.
In order to safeguard the system, we will force all users with older password encryption to change their passwords.”
This month, cPanel pushed new builds of the management system which patched numerous vulnerabilities within cPanel & WHM. Some of the security flaws patched resolved bugs which could allow attackers to remotely execute code, potentially leading to system damage, surveillance and data theft.
“It is important to highlight that this incident was not related to cPanel products or the Targeted Security Release published on January 18th,” Stone says.
As cPanel systems undergo improvement, users will be asked to reset and change their credentials.
Read on: Top picks