Domain name trading company Netfleet has been able to bring its website back up with minimal disruption following a security breach that occurred yesterday.
Netfleet took its website offline after learning that its database had been breached yesterday morning. The company said in an email sent to its customers that afternoon that the breach may have resulted in unauthorised access to some personal information such as customer names, addresses and contact details.
Hackers gained access to the database by exploiting a vulnerability found in its third-party billing and support software, WHMCS, that the company uses.
Netfleet CEO Mark Lye told ZDNet Australia that the hackers were able to upload files by exploiting WHMCS's support ticket system. By about 2am AEDST the company was able to report that the security hole had been found and had been permanently fixed.
While credit card details were also on the same database, these were cryptographically scrambled, and Netfleet has assured its customers that it does not store credit card verification (CCV) numbers.
The company said that it does not believe any sensitive information was taken, but out of an abundance of caution, it has reset all client passwords and informed its customers. Under current legislation, there is no legal requirement for a company to disclose to its customers that a breach or suspected breach of its information has occurred.
Netfleet is conducting an investigation into the matter, and has approached the Australian Federal Police and CERT Australia for assistance. It is also accepting any further information from its customers.
"If you become aware of any issue which could possibly be related to this incident, however minor, please do let us know immediately," Netfleet wrote in its email.
When its investigation is complete, the company hopes to determine if the security of its database had been breached earlier than at the time of detection.
Prior to bringing its website back online early this morning, Netfleet also rebuilt its servers to ensure that no malicious data or files were present on its servers and used the opportunity to implement further security measures.
"We would like to stress that we are erring on the side of caution, and there is no need to be unduly alarmed as it is in fact only a very remote possibility that your details have been accessed," the company wrote on its website.