Security Incident FAQs

Where was there a incident?

There was an incident on our billing platform, shop.hosturly.com. Following a thorough investigation in collaboration with a leading cybersecurity firm, Arctic Wolf, we’ve determined that a breach originated from a template developer, RSStudio, the creator of the widely-used Lagom theme. While we have not directly utilized the Lagom theme in recent years, we did have software from them on our billing system to support our email templates. This developer is used by thousands of hosting companies, and as a result, numerous other providers have been affected in recent months.

What information has been exposed?

Our investigation points to the following information being exposed:

• Full names, addresses, email addresses, and phone numbers

• Emails/usernames and hashed passwords used for logging into our billing platform
• Please note that these passwords are hashed and unintelligible; however, out of a concern for caution, please refer to the sections below on what to do to protect yourself.

• Information regarding hosting services you have/had with us
• Domains, usernames, and plain-text passwords for services
• These plain-text passwords are the passwords used when a service is first deployed on our platform. It is imperative to change the password if haven’t since receiving the service. Please refer to the sections below on what to do to protect yourself.

• Last four digits and expiration dates of saved cards
• Please note that your full credit card number and security code were not compromised, as this information is stored securely at our payment processor, Stripe. Transactions via PayPal and cryptocurrency are also secure as they are processed externally from our billing platform. Consequently, we do not anticipate unauthorized transactions.

• Invoices, quotes, emails, and tickets
• This does not include any communication on our live chat or phone system.

• Administrative information, logs, and notes

What steps have you taken to prevent this from happening?

We’ve taken the following steps to mitigate such incidents from occurring in the future:

• Inquired assistance from our cybersecurity partner, Arctic Wolf, to conduct a full evaluation of our infrastructure to further enhance security measures.

• Provisioned a new WHMCS instance on a new system completely isolated from the previous installation.

• Removed all third-party software that has not undergone vigorous penetration testing by our team.

• Revoked logins to our billing platform (shop.hosturly.com) and control panels (VPS, web, domain, dedicated/colocation, game, and firewall/filter). You will need to reset your password to regain access. More information can be found below.

• Rotated all API keys used on our billing platform.

• Engaged with law enforcement agencies, including the Federal Bureau of Investigation (FBI) Cyber Division, for further assistance.

What can I do to protect myself?

We have created a guide for the recommended next steps. Please refer to the following information below:

• Reset passwords across our billing platform and control panels to regain access.
• Billing Platform: shop.hosturly.com/password/reset
• VPS Panel: vps.hosturly.com/#act=login&sa=fpass
• Web Panel: Use the “Change Password” option on the Product Details page on shop.hosturly.com or via chi-1.webservercp.com:2083/resetpass.
• Dedicated/Colocation Panel: Use the “Login to Panel” option on the Product Details page on shop.hosturly.com. Once loaded, navigate to “My Account” by clicking on your name in the top right corner. You will then see an option to reset your password.
• Game Panel: game.hosturly.com/auth/password
• Firewall/Filter Portal: Please reset your shop.hosturly.com password first and then proceed to log in to firewall.hosturly.com. You may be met with an error stating “You don't have any IPs assigned to your account. Please contact support.” If so, please wait about 5-15 minutes for the system to sync. If you don’t have all of your IPs after syncing, please contact us to get them reapplied. If you use Google single sign-on (SSO), please contact us for a new login.

• Reset all passwords to services you have with us immediately. We strongly recommend always changing your original deployment passwords upon setup and never using the same password twice.
• VPS services: help desk guide
• Web services: If you reset the password to the web panel, you have already changed your service password. If you have not, please use the “Change Password” option on the Product Details page on shop.hosturly.com or via chi-1.webservercp.com:2083/resetpass.
• Dedicated/Colocation services
• Windows: help desk guide
• Linux: help desk guide

• Implement Two-factor authentication (2FA) wherever possible.

If I have any questions, who and where can I contact someone?

If you have any questions or concerns, please do not hesitate to contact us directly via our live chat, ticket, or email Will directly at will@infraly.co.

Conclusion

Please remain vigilant as there is a possibility of receiving unsolicited communications via email or text message prompting you to provide information, click on web links or download software. Please be sure to verify the source before acting upon any such request. Your security, privacy, and trust in us are of paramount importance. We recognize the critical need for transparency in incidents like these and are committed to keeping you informed about all matters affecting your service. Should you have any questions or concerns, please do not hesitate to contact us via live chat, ticket, or email me at will@infraly.co. Our team is here to support you and provide any additional information you may require. We sincerely apologize for any inconvenience this incident may have caused. Please know that we have been working around the clock to rectify the situation and ensure the security and reliability of our services. Your continued trust in us is greatly appreciated, and we remain dedicated to providing a secure and reliable service environment for all of our clients.