Feeds

InterWorx admits password security FAIL led to attack on users

Change up

Boost IT visibility and business value

Web-hosting administration outfit InterWorx has warned users to change their passwords following a deep penetrating hack attack.

The assault on the firm's support desk database exposed users' login credentials because the support desk software was storing email and password data in plain text. Users were strongly advised to change their passwords on any site they accessed using the same login credentials as they used with InterWorx.

The compromise – which ran between 28 February and 5 March – gave hackers admin control of websites administered through InterWorx, a facility they soon set about abusing in order to distribute malware.

In a notice warning of the breach, InterWorx warns that a "few clients" have had their servers "modified to distribute malware javascript, as a direct result of this attack".

InterWorx apologised for the breach in an email sent to users on Thursday and forwarded to El Reg. Breaches at web service firms that result in requests to change up passwords are far from unusual. The InterWorx breach is on the serious end of such breaches; the only silver lining is that its billing portal was run off a separate, segregated server and not hit by the attack.

The web-hosting services firm has promised a full security review in the wake of the incident.

US-based InterWorx provides a web-hosting control panel that is designed to make work easier for website administrators. The technology incorporates high-availability clustered features absent from some competing services. ®

The essential guide to IT transformation

More from The Register

next story
The Return of BSOD: Does ANYONE trust Microsoft patches?
Sysadmins, you're either fighting fires or seen as incompetents now
Microsoft: Azure isn't ready for biz-critical apps … yet
Microsoft will move its own IT to the cloud to avoid $200m server bill
US regulators OK sale of IBM's x86 server biz to Lenovo
Now all that remains is for gov't offices to ban the boxes
Flash could be CHEAPER than SAS DISK? Come off it, NetApp
Stats analysis reckons we'll hit that point in just three years
Oracle reveals 32-core, 10 BEEELLION-transistor SPARC M7
New chip scales to 1024 cores, 8192 threads 64 TB RAM, at speeds over 3.6GHz
Object storage bods Exablox: RAID is dead, baby. RAID is dead
Bring your own disks to its object appliances
Nimble's latest mutants GORGE themselves on unlucky forerunners
Crossing Sandy Bridges without stopping for breath
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.