Game hosting company ZAP-Hosting reports data breach and multiple hacks
The German game hosting company ZAP-Hosting reports that it has been the victim of targeted hacking attempts. Customer data has also been stolen. This would be data from the customer portal, such as names and e-mail addresses. The data has been put online, according to the company.
That writes ZAP-Hosting in an email to customers. According to the company, there were several targeted attacks on the systems a week ago. It’s unknown what exactly the attackers stole, but Zap Hosting reports that a database dump from the company’s customer portal may have been used to access the networks via brute forcing. That dump of data from last November was put online a week ago on Clear-Net, ZAP-Hosting discovered.
ZAP-Hosting is a hosting company based in Germany that specializes in hosting game servers, dedicated servers and TeamSpeak, as well as regular hosting and plesk and domain names. Director Marvin Kluck writes in the email to customers that email addresses and usernames have been leaked in the data dump; Address details may also have been leaked if customers shared when concluding a server agreement or when contacting customer service. According to Kluck, encrypted passwords for the customer portal and automatically generated passwords for subuser accounts, which were cleartext in logentries, were also leaked. These passwords have now been reset. Credit card or other payment details have not been leaked.
The company writes that it is not clear what the purpose was of the hackers who broke into ZAP-Hosting’s internal network between March 13 and 15. They made no contact or ransom request. It is also not clear whether more data was stolen in those attacks. According to Zap, no data was leaked from customer servers. Every customer receives a voucher of 20 euros as a compensation.
Update 19:00: Earlier we wrote that the data had appeared on Clear-Net in November and ZAP-Hosting was not aware of this. That wasn’t right. The data is from last November, but appeared on Clear-Net a week ago.