French web host
OVH announced recently that internal network security at its Roubaix offices was compromised when a hacker accessed an email account of a member of its system administrator staff. This led to the hacker accessing the internal Virtual Private Network (VPN) of another member of staff and ultimately compromising a system administrator's access.
The company believes the hacker was attempting to access its European customers database and the company's Canada-based installation server system. After the attack customers were notified by email that they should change their user names and passwords. However, the company stressed that no credit card information is stored at OVH, so the hacker could not have accessed credit card details. Criminal charges were filed with the relevant judicial authorities.
As a result of the incident, the company has established new security procedures. All employees' passwords were regenerated and the company set up a new VPN in a dedicated "highly restricted" PCI-DSS room. The company also established three verification levels for "critical access" amongst its staff. These include IP source verification, a password and a "YubiKey" USB security token. Accessing the company's internal emails is now only possible from within the company's office or through its VPN.
In a statement on the company's website, spokesperson "Octave" said of the incident, "Overall, in the coming months the back office will be under PCI-DSS which will allow us to ensure that the incident related to a specific hack on specific individuals will have no impact on our databases. In short, we were not paranoid enough so now we're switching to a higher level of paranoia. The aim is to guarantee and protect your data in the case of industrial espionage that would target people working at OVH." PCI-DSS is an international security standard covering services related to payment card data.
Have you ever been hacked? Let us know your experience. Add your comments below.
