Swedish slip-up leaks hosting company's customer data

A major Swedish web hosting has been compromised and its entire customer database leaked.

The company, Loopia, made the announcement here, saying the breach happened last Tuesday (August 22), and it notified customers on Friday, advising of a system-wide password reset and telling them to update their personal information.

The statement says “the hackers have had access to parts of the customer database, including personal and contact information and encrypted (hashed) passwords to Loopia Kundzon”. Payment information such as credit cards didn't leak, the company says, and customers' hosted sites and e-mail services weren't compromised.

The company explained the three-day delay on the basis that it needed time to secure its systems before it went public about the breach.

CEO Jimmie Eriksson told local outlet NyTeknik: “We were not sure how the attackers had gone, and needed a clearer picture of it before we went out with information. Now all customers have been informed. As an additional security measure, we have changed all customer numbers and passwords to all customer accounts”.

According to Upphandling24, Loopia has “hundreds of thousands” of customers, the largest of which include “Stockholm City, [the] Karolinska Institute and Västra Götaland Region”. ®