Cyber criminals steal data from Fasthosts and force hundreds of websites to shut down

(07/12/2007)

Hundreds of websites have been shut down temporarily by one of the largest web hosting companies in Britain after the personal details of customers were stolen by computer hackers. The hackers managed to access the “master database” of Fasthosts for information, including addresses, bank details, e-mails and passwords. The action is expected to lose vital business for hundreds of small companies in the run-up to Christmas.

The impact of this incident is serious:
· The potential availability of a large volume of data that can provide a revenue stream for malicious gain
· Infringement to data protection laws
· Damage to confidence in web hosting companies
· Potential opportunity if the data falls into the wrong hands to be used for financial gain
· Damages to businesses in terms of customer trust, future use and loss of income, both immediate and long-term

Business and consumers worried about the fallout of this attack should:
· Ensure the computer(s) has an up-to-date anti-virus and anti spyware software package in place
· Install and turn on a personal firewall, which will stop a targeted attacker
· Regularly install update patches in order to fix trapdoors that someone can use to get into your system
· Do not open email attachments from unrecognisable sources
· Choose an Internet security provider that considers security. A number of ISPs now offer email filtering and content filtering protection
· Change passwords regularly and avoid using numbers of names that are easily recognisable

“The theft of data from Fasthosts is a further example of cyber criminals continual attempts to target large organisations and businesses in order to access to vast quantities of sensitive data. Businesses are already reporting large financial losses and fear that their businesses will be forced to close as a direct result. This is not a small scale attack by any stretch of the imagination and there is potential for the thieves to have accessed everything on the database. The growing number of incidents of this type highlights the the extensive value such data can provide for cyber criminals with malicious intent. Companies of all sizes need to take note and learn from these highly publicised mistakes and continue to prioritise their security procedures in order to maintain maximum data safety.” commented Sal Viveros, security analyst from McAfee.

This incident in a crucial retailing period before Christmas is a further blow to the web hosting community. Web hosting companies are an easy target to hit multiple businesses in one fell swoop. “Firewalls have improved significantly, so it is now difficult to perform attacks on a network level, therefore hackers are now aiming at the web application level”, said Yaacov Sherban, CEO of Applicure. “Unfortunately, web application developers are writing pretty awful code. This is a major issue, and most web applications are vulnerable at some level.”

Related topics:  Authentication and identity management   Data management and data security   Encryption   Hacking and intrusion prevention   Security management and policies   Security threats and vulnerabilities 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources