Zap Hosing is considered a popular server provider among gamers. Now they have informed their customers about a security incident. The data leak is also said to have resulted in customer data being stolen and published publicly on the Internet.
Data leak at Zap Hosting
Zap Hosting has made a name for itself in the hosting sector with its fast and DDoS-protected servers. Among other things, the company offers game servers (also in the cloud) or Teamspeak, as well as TS3 and Discord MusicBots.
Now they addressed their customers with a security incident, which is said to have occurred on the provider’s infrastructure between March 13 and 15. Several targeted attacks on internal services are said to have taken place, according to a blog post.
In the process, a database dump of the customer portal with data as of Nov. 22, 2021, was also publicly published on the Internet, which included customers’ usernames and email addresses. However, credit card data or other payment information with security features were not included. “Obviously, an attempt was made here to cause the greatest possible (image) damage by brute force and by publishing the said dump,” the company further writes.
Damage was quickly repaired
However, they reacted quickly and were able to limit the damage as far as possible, according to their own statement, while the infrastructure was “almost fully operational again within 48 hours.” There were no demands or extortion from the hacker(s), it adds.
In response to a quest from Golem.de, Zap Hosting revealed that passwords to the customer portal are protected with the password hashing method Bcrypt. However, passwords for accounts of sub-users, which were sent by email and have already been reset, are an exception. Nevertheless, the provider advises customers to change their passwords.
When asked by customers why the leak of the database dump was only reported now, the hosting provider reveals that the data set was only published in mid-March. Before that, neither Zap Hosting nor the public was aware that a data leak had occurred. All customers of the hosting provider can look forward to a voucher in the amount of 20 Euros, in addition to an apology. After all, that’s something, isn’t it?