HELP DESK HACK —

Server hack prompts call for cPanel customers to take “immediate action”

Change root and account passwords and rotate SSH keys, company advises.

The providers of the cPanel website management application are warning some users to immediately change their systems' root or administrative passwords after discovering one of its servers has been hacked.

In an e-mail sent to customers who have filed a cPanel support request in the past six months, members of the company's security team said they recently discovered the compromise of a server used to process support requests.

"While we do not know if your machine is affected, you should change your root level password if you are not already using SSH keys," they wrote, according to a copy of the e-mail posted to a community forum. "If you are using an unprivileged account with 'sudo' or 'su' for root logins, we recommend you change the account password. Even if you are using SSH keys we still recommend rotating keys on a regular basis."

The e-mail advised customers to take "immediate action on their own servers," although team members still don't know the exact nature of the compromise. Company representatives didn't respond to an e-mail from Ars asking if they could rule out the possibility that customer names, e-mail addresses, or other personal data were exposed. It's also unclear whether the company followed widespread recommendations to cryptographically protect passwords. So-called one-way hashes convert plain-text passwords into long unique strings that can only be reversed using time-consuming cracking techniques. This post will be updated if cPanel representatives respond later.

The cPanel compromise is the latest in a long string of high-profile hacks to be disclosed over the past few weeks. Other companies that have warned users they were hacked include The New York Times, The Wall Street Journal, security firm Bit9, Twitter, Facebook, Apple, and Microsoft. On Tuesday, a computer firm issued an unusually detailed report linking China's military to hacks against US companies, although at least some of the most recent attacks are believed to have originated in Eastern Europe.

It's unclear how many cPanel users are affected by the most recently disclosed compromise. The hack has the potential to be serious because the passwords at risk could give unfettered control to a large number of customers' Unix-based computers.
