Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Wipe US Servers of Email Provider VFEmail (zdnet.com)

Posted by msmash on from the attack-and-destroy dept.

Hackers have breached the severs of email provider VFEmail.net and wiped the data from all its US servers, destroying all US customers' data in the process. From a report: The attack took place yesterday, February 11, and was detected after the company's site and webmail client went down without notice. "At this time, the attacker has formatted all the disks on every server," the company said yesterday. "Every VM is lost. Every file server is lost, every backup server is lost. This was more than a multi-password via SSH exploit, and there was no ransom. Just attack and destroy," VFEmail said. The company's staff is now working to recover user emails, but as things stand right now, all data for US customers appears to have been deleted for good and gone into /dev/null.

13 of 157 comments (clear)

  1. There were NO offsite backups????? by sconeu · · Score: 4, Insightful

    No offsite backups? No tapes????

    Who designed the disaster plan for these guys?

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    1. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 3, Interesting

      The business plan probably.

      If you do make backups, you are too expensive, certainly cannot compete, and will go out of business. No income for you.

      If you do not make backups, you may make a nice buck for a while before the thing explodes in your face. Hell, maybe you are lucky and it never explodes at all.
      Regardless, at least you will make money for a while. So this scenario is clearly the winner. Screw the damage to your future ex customers, that is not your problem.

    2. Re:There were NO offsite backups????? by Anonymous Coward · · Score: 4, Funny

      From a cannon. Into the sun.

    3. Re:There were NO offsite backups????? by rickb928 · · Score: 3, Insightful

      It *is* a PITA to put a tape in your bag, open up the fireproof safe at home, throw it in, get the *correct* one out, put it in your bag, and remember the next day to put that where it needs to be. And repeat. /s

      I did that for years. And I slept a little better.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    4. Re:There were NO offsite backups????? by rickb928 · · Score: 3, Insightful

      Once you're in the front door, you're going through the system. Only offline backups can be trusted to 'be there'.

      And no offline copies of the VM environment? I think of those as especially precious. DO I want to rebuild those from scratch? Nope.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
  2. You mean just the online backup servers... by SuperKendall · · Score: 4, Interesting

    Every file server is lost, every backup server is lost.

    So, that's the online backup servers, but what about the offline backups... there were offline backups, right? RIGHT???

    I am starting to wonder if I don't need to ask every single electronic service I interact with to put in writing what tighter backup policies are. I imagine my stuff on gmail servers is safe... but that is truly only my imagination, who can say for sure even they have offline backups (that can be restored from)??

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:You mean just the online backup servers... by bobbied · · Score: 4, Insightful

      Also, depending on how nasty they were being, they might have lurked long enough to poison the offline backups too. People tend to not actually check them till something goes wrong.

      AND, when they check, some 70% turn out to be insufficient or not restorable. Most turn out to be nearly useless for anything but giving you a warm fuzzy feeling as you trot them off to offsite storage.

      Having a backup plan is one thing, TESTING your backup plan is the next level.... However, revising your backup plan and TESTING your backups are restorable on a regular basis is the only way to know it will work when the chips are down. IF you don't do all this work, it's NOT really backed up, regardless of how many tapes you put into storage.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  3. IMAP/POP3 provider... by b0s0z0ku · · Score: 4, Interesting

    Thankfully, VFEmail was primarily an IMAP/POP3 provider. I suspect that the majority of its users had a local backup in the form of an email client with a local store...

    1. Re:IMAP/POP3 provider... by chiefcrash · · Score: 3, Informative

      Which, hopefully they've been paying attention: the current state of recovery means if you reconnect your client to your new mailbox, all your local mail will be lost (according to an update on their website)

      --
      Show me on the 1st Amendment bobblehead where the moderator touched you...
  4. No backup can be a feature by b0s0z0ku · · Score: 4, Interesting

    That can be both a bug and a feature. No backups mean that there's no cache of deleted emails. Some users may want the ability to truly delete data, not have it able to "appear" due to legal proceedings 5 years from now.

    I'd say it's on the users to back up their email using a client that locally caches IMAP folders or downloads via POP3.

    1. Re:No backup can be a feature by Aighearach · · Score: 3, Insightful

      It would seem more practical to just limit the stored backups to the last n copies, like you do with rotated log files.

      If it can only come back for two weeks or something, that is sufficient for most use cases.

  5. Sounds like a cleanup operation by misnohmer · · Score: 4, Interesting

    Maybe someone needed an email to disappear to avoid public embarrassment or legal trouble.

  6. Replication != Backup by bodog · · Score: 3, Insightful

    Looks like ZFS replication may have been their backup plan? https://www.vfemail.net/design...