1

Topic: Sibername Security Disclosure

Sibername Security Disclosure

La version en français de ce message suivra celle en anglais.

Dear ..................
It has recently come to our attention that prior to WHC’s acquisition of Sibername’s assets in September 2020, the security of certain Sibername systems may have been compromised and used to access private information, then held by Sibername.

The earliest identified access dates back to April 2020 and was only recently discovered as part of WHC’s security audit and migration of Sibername services.

While there is no indication that specific data was accessed or misused, it is possible that your personal information, such as name, email, address, list of services and domains and web hosting account content could have been accessed without your consent.

In light of security protocols already in place, critical sensitive information such as credit card information and user passwords were encrypted or tokenized and were not impacted by this incident.

Upon discovery of the issue, WHC immediately implemented its mitigation strategy and has both secured affected systems, accelerated its comprehensive security review, and further strengthened proactive security monitoring for all Sibername systems. We will also move forward with the previously scheduled migration of Sibername services, including its Client Area, into WHC’s secure ecosystem in the upcoming months.

Out of an abundance of precaution, we encourage all Sibername clients to update their passwords at their earliest convenience. Depending on your services with us, this may include cPanel, database, application and email accounts passwords. Clients are also encouraged to implement a secure and comprehensive password protection practice in their organization.

WHC remains committed to providing all our users with comprehensive security and transparency with all our products and services.

For questions or assistance regarding this incident, our team is available to help at security@sibername.com

Warm regards,

The Sibername & WHC Security team
www.sibername.com

Received this notification from Sibername/WHC this morning. Hope others received it too.

Liked by: jaydub, MapleDots

2

Re: Sibername Security Disclosure

Funny, I did not get this...

I wonder if the email went out to everybody?

Going to go in and change my password now.

3

Re: Sibername Security Disclosure

I didn’t get it either *DONT_KNOW*

Real character is doing the right thing when nobody is watching.;)
Be sure brain is engaged before putting keyboard in gear.
Sometimes I feel like I'm in a battle of wits with unarmed opponents :)
Immortality is achieved by living a life worth remembering.

4

Re: Sibername Security Disclosure

Nothing here either

5

Re: Sibername Security Disclosure

Email just arrived…

Real character is doing the right thing when nobody is watching.;)
Be sure brain is engaged before putting keyboard in gear.
Sometimes I feel like I'm in a battle of wits with unarmed opponents :)
Immortality is achieved by living a life worth remembering.

6

Re: Sibername Security Disclosure

Maybe the hacker will start paying my TBR invoices for me :-)

Liked by: Eby, jaydub, aactive

7

Re: Sibername Security Disclosure

rlm wrote:

Maybe the hacker will start paying my TBR invoices for me :-)

Too bad I don't have anything outstanding. Next time I will remember to bid up and not pay .LOL

8

Re: Sibername Security Disclosure

jaydub wrote:

Email just arrived…

Same here

9

Re: Sibername Security Disclosure

Nothing yet for me

They are probably sending the emails out in batches or by hand.

Either way we will get them at different times.

10

Re: Sibername Security Disclosure

Thanks to everyone who responded. My intention was to alert others also.
Hopefully all were able to change the password and did not notice any unusual activity.
I didn't notice any at my end and thankful.

11

Re: Sibername Security Disclosure

"Password length must be 8 to 15 characters"

Ooof.

12

Re: Sibername Security Disclosure

I got the email May 31st at 11:56 am

That is 3 freaking days after it was first reported here.

What the heck is all that about, if that is how they treat security we have a problem.

How can mine arrive so late?



Proof is in the pudding, see attached



https://i.postimg.cc/rFCLgx5h/Picture0170.png

13

Re: Sibername Security Disclosure

MapleDots wrote:

I got the email May 31st at 11:56 am

That is 3 freaking days after it was first reported here.

What the heck is all that about, if that is how they treat security we have a problem.

How can mine arrive so late

That is not acceptable at all. Seems like they have not taken this very seriously. That’s not right.

14

Re: Sibername Security Disclosure

Thank you for sharing your concerns.

In order to ensure maximum reach with the email messages, our team was closely monitoring the delivery of the messages and paused delivery over the weekend when limited staff was available.

Considering how far back the incident occurred and lack of evidence of any tampering or misuse we wanted to prioritize delivery over speed of the notification.

Since passwords were already encrypted, changing them was only a recommendation out of an abundance of precaution

Feel free to reach out to me directly if you have any particular concerns.

Domains Product Manager @WHC
(514) 504-2113 x7209

Liked by: Esdiel