Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Domain Factory' Confirms January 2018 Data Breach (theregister.co.uk)

Posted by msmash on from the security-woes dept.

German hosting company Domainfactory has taken down its forums after someone posted messages alleging to have compromised the company. From a report: Acknowledging the attack, the GoDaddy-owned (via Host Europe, acquired in 2016) company has advised customers to change their passwords and detailed the extent of the data breach claimed by the hackers. "While we investigate this data breach, we already know that third parties could have had unauthorised access to the following categories of data: Customer name; Company name; Customer number; Address; E-mail addresses; Phone number; DomainFactory Phone password; Date of birth; Bank name and account number (eg IBAN or BIC); and Schufa score." The company says it has secured the systems the attacker accessed.

2 of 14 comments (clear)

  1. The vulnerability appears to coincide with... by Anonymous Coward · · Score: 3, Interesting

    ... the outsourcing of the 24/7 operational server supervision to "LvivIT!", a Ukrainian IT service. Up to 2015, Domainfactory advertised "Hosting made in Germany". Prices increased when DomainFactory was sold to HostEurope and again when HostEurope was sold to GoDaddy.

  2. Re:Would Rust have prevented this breach? by ledow · · Score: 2

    If the problem were that simple, everyone would have moved to Rust or similar languages decades ago.

    Simple fact, your (evangelical) choice of language does not change how you're forced to express your desires, or fix problems associated with the vast majority of programming errors.

    Though there are languages where being "misconstrued" is less likely in a minority of cases, most programming problems are caused by expressing totally the wrong thing and not what you intended at all, not a simple ambiguity of expression.

    Hint: There's a reason that Rust still includes "unsafe" functionality. Because what you WANT TO DO is unsafe, not how you want to say it. And that's almost always because you choose that tradeoff consciously (usually for performance or direct-hardware-acces).

    Just look at Java. Ignore the syntax of the language itself, but the concept. Partition everything off into a virtual machine, which could be WRITTEN IN JAVA ITSELF (self-hosting). Now do real-world deployment and you discover two things: 1) it doesn't stop bone-headed code, 2) you need to break out of the virtual machine via direct interfaces in order to get what you need done.

    It doesn't matter if you describe your security procedures in French or German. Unless you can PERFECTLY describe EXACTLY what you want to do, without possibility of any error, then it doesn't make any difference which one you choose to express it in.