DomainFactory Attack Has Germans Scrambling To Change Passwords

Right around the time of the Timehop hack, another data breach was also discovered, this time impacting users of DomainFactory, one of the largest web hosting companies in Germany. DomainFactory, which is owned by GoDaddy, suffered the breach earlier this year in January, but the company only became aware of it when an unknown attacker posted a data breach note on the DomainFactory support forum.

SecurityWeek reports, “DomainFactory, a Germany-based web hosting services provider of GoDaddy-owned Host Europe Group, informed customers late last week that their personal and financial information was exposed after a hacker gained access to some of its systems. According to DomainFactory, one of the largest hosting firms in Germany, the breach occurred in late January, but the company only learned of the incident on July 3 after the hacker started disclosing samples of the stolen information on the DomainFactory forum.”

The person who posted the breach note claimed to have broken into the company’s customer database. He also shared internal data of several customers, as proof. Although DomainFactory initially assumed the false claim was only intended to cause confusion, the excerpts from the database, which were shared online made it clear that it was no fake claim. The unknown hacker also claimed to have attacked the DomainFactory database last year with the intention of obtaining data on anyone who allegedly owed him a seven-figure amount of money. His intention reportedly was to use the information to put pressure on the person who owed him money. He also reportedly tried to contact DomainFactory and report the exploited vulnerability he used in the breach. But when the company did not respond to his communications, he was forced to go to their support forum and break the news to its customers.

The SecurityWeek report explains further, “The hacker has created the Twitter account ‘@NaHabedere’ and claims to be from Austria. He told Heise that he breached DomainFactory in an effort to obtain information on a person who owes him money and decided to disclose the hack after the company failed to notify customers. The hacker apparently does not plan on selling or publishing the data he obtained.”

DomainFactory finally confirmed the breach and said the personal data belonging to an unspecified number of its customers had, in fact, been compromised. The personal data included names, company monikers, customer account IDs, customer addresses, email addresses, telephone numbers, DomainFactory phone passwords, birthdates, bank account details, and German credit scores known as Schufas.

Following this, DomainFactory was forced to immediately shut down the forum website temporarily, and an investigation was promptly initiated. In addition to notifying the data protection authority and commissioning an investigation, DomainFactory has also advised its customers to change all their passwords. As a precautionary measure, customers have been asked to change passwords for online services, including customer password, phone password, email passwords, FTP / Live disk passwords, SSH passwords, MySQL database passwords, and the like. The customers have also been asked to keep monitoring their bank statements for any unauthorized transaction since the compromised data can be used for identity theft and also for banking-related frauds.