konsoleH Database Compromise

wordpress configuration service

On 1 Nov 2017 we became aware of unauthorized access to our konsoleH Control Panel database. We can confirm that a SQL injection vulnerability was identified within konsoleH, which has been corrected.

We shut down access to konsoleH during the course of the day while investigations proceeded .

While konsoleH Admin passwords have not been compromised, we have proactively updated all FTP passwords, which were exposed.

It is imperative that customers update all passwords associated with your Hetzner account immediately, including konsoleH admin passwords.

What information was exposed?

The following details have been exposed:

  • Customer details (name, address, ID number (where applicable), telephone numbers and email addresses)
  • Domain names
  • FTP passwords
  • Bank account details (cheque/savings). No credit card details are stored.

What do you need to do?

Customers should update the following passwords immediately:

  • All database access passwords (Find out how to do this here).  Note, you will need to update your web application database connection strings.
  • While we have updated all FTP passwords, customers will need to reset this password to gain access  (Find out how to do this here)
    • If you have made use of an additional FTP user, please manually update these passwords via konsoleH
  • All email passwords that have not been updated recently. (Find out how to do this here). (Note that this is a proactive step as we have not recorded mailbox passwords for a while).
  • While this password was not compromised, we recommend that konsoleH Control Panel login passwords should also be updated. (Reset your password here)

Should you have provided konsoleH access details to any other parties, please advise them to update their login details as soon as possible. Mailbox users are able to update their passwords via our Webmail interface (webmail.konsoleh.co.za) (Find out how to do this here).

We have external forensic investigators on site working with our team. We understand that this event has shaken your confidence in us. It is our earnest commitment to provide you with a hosting service you can trust.

 

if you need assistance with joomla or wordpress database update and configuration please call me

  • Created on .
  • Hits: 677
  • Joomla and WordPress Website Design

    Joomla and WordPress Website Design

    We are a web design company based johannesburg

Copyright © 2002 Cartmell & Cartmell Communications Pty Ltd.
Drive the convergence of media, telecommunications and commerce and allows clients to interact with their markets, staff, partners and clients.