Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Wipe US Servers of Email Provider VFEmail (zdnet.com)

Posted by msmash on from the attack-and-destroy dept.

Hackers have breached the severs of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers' data in the process. From a report: The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice. "At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost. This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said. The company's staff is now working to recover user emails, but as things stand right now, all data for US customers appears to have been deleted for good and gone into /dev/null.

6 of 157 comments (clear)

  1. You mean just the online backup servers... by SuperKendall · · Score: 4, Interesting

    Every file server is lost, every backup server is lost.

    So, that's the online backup servers, but what about the offline backups... there were offline backups, right? RIGHT???

    I am starting to wonder if I don't need to ask every single electronic service I interact with to put in writing what tighter backup policies are. I imagine my stuff on gmail servers is safe... but that is truly only my imagination, who can say for sure even they have offline backups (that can be restored from)??

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:You mean just the online backup servers... by Anonymous Coward · · Score: 0, Interesting

      I imagine my stuff on gmail servers is safe... but that is truly only my imagination, who can say for sure even they have offline backups

      Google is one of the few companies that I'd be the least worried about in that case.
      But they do have various data center tour videos and recorded talks about how they go about things, at a high level at least.

      They have outright stated they do not do offline backups of any form at all.
      Google utilizes their own home-made massively distributed storage system, relying on online backups duplicated to insane degrees.

      They've talked about how data-chunks on drives exist on many drives in a cluster, over many cluster servers in a data center, and in multiple data centers around the world. "Hundreds of copies" was a phrase used.

      It was said they do make backups in the sense of retaining many copies made at different points in time. So not just one master/live iteration of the data duplicated, nor just a copy like those who override the previous copy with the current and claim its a backup.

      But, no offline storage. Which I guess in such a massive and automated system would be expected.

      On the other hand, how often does any google service go down even when an entire data center is offline and there's no power to the city its in?
      Beyond them choosing to kill off a service intentionally after a few years, it's pretty rare for unintentional outages.
      So much so that when youtube went partially offline for 60 minutes once in the last 13 years it made international news headlines for days.

  2. IMAP/POP3 provider... by b0s0z0ku · · Score: 4, Interesting

    Thankfully, VFEmail was primarily an IMAP/POP3 provider. I suspect that the majority of its users had a local backup in the form of an email client with a local store...

  3. No backup can be a feature by b0s0z0ku · · Score: 4, Interesting

    That can be both a bug and a feature. No backups mean that there's no cache of deleted emails. Some users may want the ability to truly delete data, not have it able to "appear" due to legal proceedings 5 years from now.

    I'd say it's on the users to back up their email using a client that locally caches IMAP folders or downloads via POP3.

  4. Sounds like a cleanup operation by misnohmer · · Score: 4, Interesting

    Maybe someone needed an email to disappear to avoid public embarrassment or legal trouble.

  5. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 3, Interesting

    The business plan probably.

    If you do make backups, you are too expensive, certainly cannot compete, and will go out of business. No income for you.

    If you do not make backups, you may make a nice buck for a while before the thing explodes in your face. Hell, maybe you are lucky and it never explodes at all.
    Regardless, at least you will make money for a while. So this scenario is clearly the winner. Screw the damage to your future ex customers, that is not your problem.