Disaster recovery Toolkit

Fasthosts resets passwords after breach

David Meyer ZDNet.co.uk

Published: 30 Nov 2007 17:30 GMT

The hosting company Fasthosts has reset all its customers' passwords after the breach of one of the company's servers.

In mid-October the company, which also provides business ADSL, wrote to its customers to make them aware of the breach and ask them to change their control panel, email and FTP passwords. According to a statement on Thursday, "a very small number of customers who did not change their passwords had experienced a compromise to their FTP space".

"This damage varied from a change to the home page of a website to some files being uploaded to the FTP space which had no visible effect," a Fasthosts spokesperson told ZDNet.co.uk on Friday. "Fasthosts is currently in the process of working with these customers to resolve any outstanding technical requirements."

Fasthosts has now automatically reset all control panel and FTP passwords that had not been changed, the company announced on Thursday. Email passwords that have not been changed yet will be reset automatically in nine days' time.

"These affected customers will receive their new passwords by Royal Mail and have been informed today of all these changes and what they are required to do," read Fasthosts' statement.

The company statement said that the breach had been found during a system-wide external security audit, adding that: "Fasthosts considers that its practices and procedures are up to date, and represent good practice in continually protecting the security of its customer data, and the company remains fully confident in its ability to do so."

Fasthosts apologised for the breach, and claimed that the password changes would shore up the security hole that became apparent last month.