Hosting provider, Colocrossing has been breached: database

[Cpvr]

According to a reddit post, ColoCrossing has experienced a security breach through their emailing system and its effecting various customers;

Reddit - The heart of the internet

www.reddit.com

Email from ColoCrossing. It appears as if they have been hacked.

Any other ColoCrossing customers receive this email? It appears as though they have had a serious breach.

Subject: Formal notification of system breaches in ColoCrossing infrastructure - demanding immediate action

Dear representatives of ColoCrossing administration and users of hosting services,

We hereby inform you of documented facts that testify to gross violations in the operation of your infrastructure:

1. Illegal content and lack of moderation

\- Numerous instances of:
\* Deepfake content using images of public figures and private citizens
\* Content that violates legislation on the protection of minors
\* Extremist and violent content.

2. Critical security vulnerabilities

\- Multiple attack vectors have been identified that allow:
\* Gain unauthorized root access to client servers
\* Bypass authentication and authorization systems

3. Misuse of infrastructure for illegal purposes

\- There are cases of exploitation of your resources for:
\* Organizing botnets and distributing malware
\* Providing anonymization of illegal activities via Tor-nodes, as well as XRay/WireGuard/X-UI/OpenVPN protocols.

Requirements for the administration of ColoCrossing, as well as users who have stored such content:

\- Contact us
\- Pay us for our silence so that we don't hand over logs/emails/ip addresses and other information proving violations.
\- Resolve problems with similar content, we can help with this for an additional fee.

User Recommendations:

Until confirmation that the above violations have been remedied, we strongly recommend that you refrain from:
\- Storing sensitive data on the platform
\- Conducting financial transactions through ColoCrossing as well as HostPapa Inc. services.
\- Using hosting services for mission-critical projects

To confirm remediation of breaches and for more information:

Telegram: [https://t.me/ransombotbot](https://...L0n72jS-2F4LplXrY9TjR9BbcUZpQUQS2heqlw-3D-3D)

Please note that in the absence of an adequate response within the established timeframe, a full whistleblowing procedure will be initiated to inform all stakeholders of the identified violations, including:

\- Regulators of relevant jurisdictions
\- Media
\- Professional community


EDIT: A follow up email has been sent aswell.

Those who come to waste our time, don't even try. You're only wasting your own time. Please write on the matter at hand.

Also, please, ColoCrossing users, write to the tickets in billing with a request to the administration to contact us at the following contacts: [

Telegram – a new era of messaging

Fast. Secure. Powerful.

t.me

And those who want to support us, here are our crypto wallets:

0x836e3ade097a4b89441d26e75448e8a60f38d01e
TDpzqDtMHPXtCKhcCV2jfkLwCzHHN3MFsU
bc1qhrwc9np9y5c4rv3wyy2pwx8zfkfeucr5zaxq57


There’s also a forum discussion that covers this hosting provider’s database being breached, which is known for covering various hosting providers:

ColoCrossing Database Breach

Just got this email to my registered ColoCrossing email (Image) Full Email Text: (Spoiler) Edit: email headers: https://pastebin.com/VjvE706L

lowendtalk.com

 

[Ravenfreak]

I never heard of this hosting company before, that really sucks. It's never a good thing whenever hosting companies get breached.