Romanian hackers in december 2011 compromised on a shellserver from Xs4all. They got encrypted passwords of system administrators in the hands, but also knew of 30 users passwords unencrypted to listen.
Xs4all believes that the hackers succeeded in the affected machine, xs3.xs4all.nl through a known exploit to access it. The Romanians got the system file with account details and encrypted passwords of the system administrators in hands and published them on the internet.
They succeeded, however, in the system for ssh access to customize, light, Jacques Schuurman, Security Officer for Xs4all. The data from thirty users who in the period of the hack via ssh connection, were afterwards by the hackers copied to a specially decorated file. For example, they had the username and the unencrypted password in possession.
Schuurman can’t say how long the hack undetected is the same: “Judging by the fact that in this period of thirty customers inlogden, I think, a couple of days. After the discovery, we have the system offline immediately removed.” The passwords of the system administrators are then changed and the Security Officer do you think that the hackers compromised: “Those are so strong that they were there for a number of years.” For other customers, the hack had no impact, he assures.
The affected thirty customers are by mail and by telephone, will be informed and told that their passwords had to change. This enabled the provider to set a deadline: accounts after that time period, not of a change in the password were blocked. The reason that the hack only now comes out is, according to Schuurman, that the study took place at the time of the preparation of the annual report for 2011: “We are reporting this kind of privacyinbreuken in the annual report. This incident comes in the report of 2012. Also has our privacy officer reported in detail in his log book.” Xs4all claims to the monitoring and security tightened up after the hack.