Important Information from Layered Technologies
Sep 18th, 2007 by Miguel Richards
Dear Valued Client,
Protecting our client’s account information is a top priority, and we value the trust you place in Layered Technologies. Regrettably, criminals are increasingly using the Internet for illegitimate purposes. As is the case with many companies that maintain databases of information, Layered Technologies is from time to time subject to attempts to illegally extract information from its databases.
The Layered Technologies support database was a target of malicious activity on the evening of 9/17/2007 that may have involved the illegal downloading of information such as names, addresses, phone numbers, email addresses and server login details for 5 to 6,000 of our clients. Layered Technologies responded immediately to this specific incident by conducting a comprehensive security audit of internal processes and procedures.
Due to the significant amount of uncertainty in determining which accounts may have been impacted, Layered Technologies felt that it was in your best interest to take the precautionary steps of reaching out to you and all clients regarding this issue. In addition, we are asking all of our clients to change the login credentials for all host details they have submitted in the past 2 years. This includes any login credentials for the following: Cerberus, Modernbill, Encompass, and all servers you own and operate with LT, all services that may have submitted passwords in the past for such as Webmail, Remote Desktop, SSH, MySQL, cPanel WHM, FTP Backup storage or similar services. Please utilize the ‘reset password’ features on all of our tools to reset and send a new random password. Any LT customers needing assistance with resetting passwords should contact our technical support team via our ticketing system for methods for how we can assist with resetting them and not providing the updated passwords in the tickets.
We are committed to maintaining an ongoing dialogue with all of our clients about Internet security and the steps Layered Technologies is taking to protect its clients. LT has launched a series of initiatives to enhance and to protect the information you have entrusted to us. Some of these steps are being immediately implemented, while others will be put into place as appropriate.
We believe these actions are the responsible steps to protect the trust you place in LT. We will continue to share information with you about the enhancements we are making.
Sincerely,
Todd Abrams
President and COO
Layered Technologies Inc.
Confidentiality Note: The information contained in this transmission is legally privileged and confidential, intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you receive this communication in error, immediately delete this message.
Hi, my question or comment rather for this blog is, why isn’t confidential customer information kept in a secure location that is seperate from the internet? We have a private vlan with our server, im sure LayeredTech has the technology necessary to keep all of the client information on the Layerered Tech private network. Our servers are attacked on a daily basis, mostly for content we don’t even have and we can’t avoid it however we do keep client information seperate that even if someone were able to get past something, they wouldn’t have access to our client information.
Thanks for your time and good service,
James
I appreciate LT taking the step of notifying its customers. I am far happier for this to come from you rather than hear about it from others. Now we can respond to this incident and move on.
I am interested in hearing how LT plans to better protect its information in the future. Also, has any financial information (e.g. credit card numbers) been leaked, which we should be concerned about?
James,
The breach was not at an OS level but done via an web application running on our help desk that allowed them to gain further access into the database. This allowed them to then view tickets and their contents.
All of our systems are fire walled and have other security in place but this attack was done using an open protocol (http) which allowed them to then get into the database where tickets and their contents where exposed. We are still investigating the full level of the breach but wanted to notify our clients ASAP to allow you to protect your hosts while we continue to look at how many tickets where exposed and other data. No other details appear to be exposed (helpdesk logins, Encompass Logins etc) but we are asking everyone to change them aswell to be on the safe side.
Paul,
All payment details are stored in a different system. No credit card details should be exposed unless you had opened a ticket and included them in it. Then there is a chance it has been exposed and should be treated as such. We purge all scanned details daily after verification so any clients that uploaded those to validate their account where not exposed.
Thanks,
Jeremy
Hi,
I exactly know how you feel, Thank you for informing us, we change our passwords on monthly basis, cause couple of years ago some hackers could breach in hosting controller (control panel) of the server and use forget password service to gain access to sites, it was worst nightmare for us. During those days, We did not get much support from our clients and blamed for other people faulty job. Anyway, we support your efforts on this and hope that your system improves day by day! Good luck!
Thanks for your warning and informing.
thank you for your quick update on that unknown breach matter.It’s not good to hear that its done via your awarded support panel.I am also anxious about encompass.It contains lots of bugs inside.And I think it would be more easy for nichers to leak inside that panel.
Consequently,That would affect lt’s fame on a bad side.
Anyway, I love LT whatsoever happens.
PS: Zoom bravo.LT de türkçe bilen yok mu ?
yada bu insanlar orayı anlamayacaklar mı bir şekilde ?
Sonra da vay efendim türkler şöyle böyle.
Utan kişiliğinden.
Were credit card data comprised as well. We need to know if we have to contact our credit card company to get new cards.
Hi,
Thank you Layered Technologies for notifying us about this most appricated.
jeremy
Please delete the posts sent by Zoom.
He is swearing in turkish .
We would like to know why and how it happened, the details in the tickets between LT & clients can expose further exploit and not just passwords. You say name, phone numbers & addresses were also compromised? I would see someone potentially get a call from the “fake” LT
Thank you for the swift and clear notification.
Will you please consider changing your support procedure so that your support employees do not ask for my root password in response to every ticket filed?
Thank you LT i trust you. You can fix the issue.!
Hi
i am a layered’s customer since 2004 and i know that today layeredtech is taking more care about CC and important other informations regarding their customers but if there is really a vulnerability in this CERBERUS HELPDESK as i use this in my host web site as well can you please send to my email detail to protect to my application
we know vulnerabilities exists and more you can look your logs and determine exactly what and how this was done
other thing you may consider is the fact that the “hacker” can now create a ticket system account and claim he is me, as he know our server IDs, our ips, our Customer IDS, he can ask fake reboots, reloads and who knows what more !
these people know now all our data…
Hi
i am a layered’s customer since 2004 and i know that today layeredtech is taking more care about CC and important other informations regarding their customers but if there is really a vulnerability in this CERBERUS HELPDESK as i use this in my host web site as well can you please send to my email details to protect my application too
we know vulnerabilities exists and more you can look your logs and determine exactly what and how this was done
other thing you may consider is the fact that the “hacker” can now create a ticket system account and claim he is me, as he know our server IDs, our ips, our Customer IDS, he can ask fake reboots, reloads and who knows what more !
these people know now all our data…
I, the reader of this message, am not the intended recipient of the message, as I had never heard of LT previously and was only sent her by a link from the friend. Having received this communication in error, I’ve attempted to delete this message but have so far been unsuccessful.
Could you please delete this blog post on my behalf?
Thanks.
Hey there,
I’m the lead developer on Cerberus Helpdesk. I’ve extended my help to the LT team.
For those of you also using Cerberus, we’re vigilant about any security reports that pop-up on sites like Secunia. Obviously, we’re aiming to close any potential exploits before they get that far.
You’re welcome to contact our support team for free help with applying the latest project updates.
-Jeff Standen, Chief of R&D
WebGroup Media, LLC. (Developers of Cerberus Helpdesk)
This has been covered in the tech media - see
http://www.theregister.co.uk/2007/09/19/layered_technologies_breach_disclosure/
Thanks for LT in letting us know as soon as the problem became evident.
I love the posting of a blog article prefixed with “Confidential”
Looks like it’s password changing time!
jeremy, you surely knows that credit card changes your company requires us to scan the card and send it to you in tickets. why weren’t you removing those after use? the same for passwords you requires for troubleshooting tickets.