Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Domain Factory' Confirms January 2018 Data Breach (theregister.co.uk)

Posted by msmash on from the security-woes dept.

German hosting company Domainfactory has taken down its forums after someone posted messages alleging to have compromised the company. From a report: Acknowledging the attack, the GoDaddy-owned (via Host Europe, acquired in 2016) company has advised customers to change their passwords and detailed the extent of the data breach claimed by the hackers. "While we investigate this data breach, we already know that third parties could have had unauthorised access to the following categories of data: Customer name; Company name; Customer number; Address; E-mail addresses; Phone number; DomainFactory Phone password; Date of birth; Bank name and account number (eg IBAN or BIC); and Schufa score." The company says it has secured the systems the attacker accessed.

14 comments

  1. Would Rust have prevented this breach? by Anonymous Coward · · Score: 0

    Would using a modern, security-first programming language like Rust have prevented this breach from happening?

    1. Re:Would Rust have prevented this breach? by Anonymous Coward · · Score: 0

      No, this breach was an intrusion into a computer database via software not a physical problem with the building. Rust has nothing to do with IT security.

    2. Re:Would Rust have prevented this breach? by Anonymous Coward · · Score: 0

      Would using a modern, security-first programming language like Rust have prevented this breach from happening?

      Rust will never prevent any attack because no one uses Rust for anything relevant. Perhaps except Servo.

    3. Re: Would Rust have prevented this breach? by Anonymous Coward · · Score: 0

      Rust has a lot to do with IT security. It entirely eliminates several attack vectors and attack surfaces that software written in C or C++ are vulnerable to. That lets security professionals focus on other vulnerable aspects of the systems in question. Rust can then be used to help strengthen the defense of these other vulnerable components, assuming Rust doesn't prevent the attacks in question completely.

      We're starting to see the top end security professionals adopting Rust because it's so proactive at putting safety and security first, without trading away performance or functionality. From a security standpoint, Rust is the best we've got.

    4. Re: Would Rust have prevented this breach? by Anonymous Coward · · Score: 0

      Stop spamming your stupid rust circlejerk shit everywhere. Rusty is a useless pile of shit just like you.

    5. Re:Would Rust have prevented this breach? by ledow · · Score: 2

      If the problem were that simple, everyone would have moved to Rust or similar languages decades ago.

      Simple fact, your (evangelical) choice of language does not change how you're forced to express your desires, or fix problems associated with the vast majority of programming errors.

      Though there are languages where being "misconstrued" is less likely in a minority of cases, most programming problems are caused by expressing totally the wrong thing and not what you intended at all, not a simple ambiguity of expression.

      Hint: There's a reason that Rust still includes "unsafe" functionality. Because what you WANT TO DO is unsafe, not how you want to say it. And that's almost always because you choose that tradeoff consciously (usually for performance or direct-hardware-acces).

      Just look at Java. Ignore the syntax of the language itself, but the concept. Partition everything off into a virtual machine, which could be WRITTEN IN JAVA ITSELF (self-hosting). Now do real-world deployment and you discover two things: 1) it doesn't stop bone-headed code, 2) you need to break out of the virtual machine via direct interfaces in order to get what you need done.

      It doesn't matter if you describe your security procedures in French or German. Unless you can PERFECTLY describe EXACTLY what you want to do, without possibility of any error, then it doesn't make any difference which one you choose to express it in.

    6. Re: Would Rust have prevented this breach? by Khyber · · Score: 1

      "It entirely eliminates several attack vectors and attack surfaces that software written in C or C++ are vulnerable to."

      That only happens when you're a n00b-ass that never picked up a proper programming book - e.g. most Rust programmers.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    7. Re:Would Rust have prevented this breach? by najajomo · · Score: 1

      Anon: "Would using a modern, security-first programming language like Rust have prevented this breach from happening?"

      No, as the fault lies in the underlying Intel MMU hardware ..

  2. The vulnerability appears to coincide with... by Anonymous Coward · · Score: 3, Interesting

    ... the outsourcing of the 24/7 operational server supervision to "LvivIT!", a Ukrainian IT service. Up to 2015, Domainfactory advertised "Hosting made in Germany". Prices increased when DomainFactory was sold to HostEurope and again when HostEurope was sold to GoDaddy.

  3. Re:I am APK the great by Khyber · · Score: 0

    "Listen as I relive my glory days of being a college athlete"

    The guy ain't no Al Bundy, come on. He's too physically retarded to have ever made it onto a football team with all that time spent sitting down and being a nerd.

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.