# Sibername Security Disclosure



## Eby__ (May 28, 2021)

Sibername Security Disclosure

La version en français de ce message suivra celle en anglais.

Dear ..................
It has recently come to our attention that prior to WHC’s acquisition of Sibername’s assets in September 2020, the security of certain Sibername systems may have been compromised and used to access private information, then held by Sibername.

The earliest identified access dates back to April 2020 and was only recently discovered as part of WHC’s security audit and migration of Sibername services.

While there is no indication that specific data was accessed or misused, it is possible that your personal information, such as name, email, address, list of services and domains and web hosting account content could have been accessed without your consent.

In light of security protocols already in place, critical sensitive information such as credit card information and user passwords were encrypted or tokenized and were not impacted by this incident.

Upon discovery of the issue, WHC immediately implemented its mitigation strategy and has both secured affected systems, accelerated its comprehensive security review, and further strengthened proactive security monitoring for all Sibername systems. We will also move forward with the previously scheduled migration of Sibername services, including its Client Area, into WHC’s secure ecosystem in the upcoming months.

Out of an abundance of precaution, we encourage all Sibername clients to update their passwords at their earliest convenience. Depending on your services with us, this may include cPanel, database, application and email accounts passwords. Clients are also encouraged to implement a secure and comprehensive password protection practice in their organization.

WHC remains committed to providing all our users with comprehensive security and transparency with all our products and services.

For questions or assistance regarding this incident, our team is available to help at security@sibername.com

Warm regards,

The Sibername & WHC Security team
www.sibername.com

Received this notification from Sibername/WHC this morning. Hope others received it too.


----------



## MapleDots__ (May 28, 2021)

Funny, I did not get this...

I wonder if the email went out to everybody?

Going to go in and change my password now.


----------



## jaydub__ (May 28, 2021)

I didn’t get it either *DONT_KNOW*


----------



## Spex (May 28, 2021)

Nothing here either


----------



## jaydub__ (May 28, 2021)

Email just arrived…


----------



## rlm__ (May 28, 2021)

Maybe the hacker will start paying my TBR invoices for me


----------



## Eby__ (May 28, 2021)

rlm said:
			
		

> Maybe the hacker will start paying my TBR invoices for me



Too bad I don't have anything outstanding. Next time I will remember to bid up and not pay .LOL


----------



## Spex (May 28, 2021)

jaydub said:
			
		

> Email just arrived…



Same here


----------



## MapleDots__ (May 28, 2021)

Nothing yet for me

They are probably sending the emails out in batches or by hand.

Either way we will get them at different times.


----------



## Eby__ (May 28, 2021)

Thanks to everyone who responded. My intention was to alert others also. 
Hopefully all were able to change the password and did not notice any unusual activity. 
I didn't notice any at my end and thankful.


----------



## moosk (May 28, 2021)

"Password length must be 8 to 15 characters"

Ooof.


----------



## MapleDots__ (May 31, 2021)

I got the email May 31st at 11:56 am

That is 3 freaking days after it was first reported here.

What the heck is all that about, if that is how they treat security we have a problem.

How can mine arrive so late?



Proof is in the pudding, see attached


----------



## Eby__ (May 31, 2021)

MapleDots said:
			
		

> I got the email May 31st at 11:56 am
> 
> That is 3 freaking days after it was first reported here.
> 
> ...



That is not acceptable at all. Seems like they have not taken this very seriously. That’s not right.


----------



## FM__ (Jun 1, 2021)

Thank you for sharing your concerns.

In order to ensure maximum reach with the email messages, our team was closely monitoring the delivery of the messages and paused delivery over the weekend when limited staff was available.

Considering how far back the incident occurred and lack of evidence of any tampering or misuse we wanted to prioritize delivery over speed of the notification.

Since passwords were already encrypted, changing them was only a recommendation out of an abundance of precaution

Feel free to reach out to me directly if you have any particular concerns.


----------

