According to Heise, another company has fallen victim to a data breach. The victim is one of Germany’s largest managed service providers, DomainFactory, a subsidiary of GoDaddy (acquired by Host Europe in 2016).
Last week, the company stated in an announcement that an anonymous hacker had posted on DomainFactory’s technical support forum, claiming that he had successfully broken into DomainFactory’s customer database. As evidence, the hacker also shared the internal data of several DomainFactory customers.
After discovering this post, the company immediately took its forum offline and launched an investigation. The investigation showed that the hacker’s claim was not fabricated. It also confirmed that unauthorised access from outside occurred on January 28, 2018, and that the hacker might have exploited a variant of the Dirty Cow vulnerability.
DomainFactory finally confirmed the leak last weekend and announced the types of data that the hackers could access, including:
- Company name
- Customer account ID
- Physical address
- Email address
- Telephone number
- DomainFactory mobile phone password
- Date of birth
- Bank name and account number (e.g. IBAN or BIC)
- Schufa score (German credit score)
Cybercriminals can use this information to conduct targeted social engineering attacks on DomainFactory customers.
DomainFactory is currently advising its customers to change the passwords for all of the following services and applications as a “precaution”, and at the same time to change the passwords of any other online services where they use the same password.
- Customer password
- Phone password
- Email password
- FTP/Live disk password
- SSH password
- MySQL database password
Since the compromised data can be used for identity theft and to set up direct debits against a customer’s bank account, Heise also recommends that DomainFactory customers review their bank statements soon so that any unauthorised transactions are discovered promptly.
So far, it’s unclear how the hackers got into the DomainFactory server, but Heise said there are no signs of the attackers selling or posting the data online.