cPanel Inc. issued a statement asking users who contacted the cPanel support service within the past months to change their root passwords immediately. One of their support system servers was compromised, and the server login data submitted by users has probably been stolen. Here is the official email:
Sent: Friday, February 22, 2013 12:48 AM
Subject: Important Security Alert (Action Required)
You are receiving this email because you have opened a ticket with our support staff in the last 6 months. cPanel, Inc. has discovered that one of the servers we utilize in the technical support department has been compromised. While we do not know if your machine is affected, you should change your root level password if you are not already using ssh keys. If you are using an unprivileged account with “sudo” or “su” for root logins, we recommend you change the account password. Even if you are using ssh keys we still recommend rotating keys on a regular basis.
As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers. cPanel’s security team is continuing to investigate the nature of this security issue.
–cPanel Security Team
cPanel should have used some sort of encryption to prevent customer data from being stolen when these kinds of compromises happen. I have seen a lot of companies asking for admin/root logins in support tickets. Yes, they have to have that info to resolve troubles with the service, but proper encryption should be enforced for the sensitive data. In most cases they simply ask you to provide the info in a reply to the support ticket, which means your sensitive information gets stored in the SQL database in plain text. And if you don’t change login credentials routinely, it poses a real risk to you, as in this cPanel case.
So my advice is to provide a different password when you submit logins for resolving any problem, or change the password immediately once your issue gets resolved.