Hackers launch cyberattack against cPanel systems

If you are a user of the web hosting account service, change your password now.
Written by Charlie Osborne, Contributing Writer

CPanel says the company has managed to strike back against a cyberattack levied against servers containing customer data.


The popular Web hosting platform management tool provider, used by millions, offers the cPanel and WebHost Manager systems for both private and dedicated servers to manage the backend of Web domains.

An an online service with such reach, however, the platform is a target for attackers -- and a recent data breach may have been foiled.

Last week, ‎Director of Internal Development Aaron Stone said in a statement that one of the cPanel customer databases "may" have been breached. The executive said cPanel was able to "interrupt" the breach, and so it is not known whether customer data was exposed.

The information in question stored in the database included names and contact information and passwords. However, luckily for users, the passwords were encrypted and salted, which makes it difficult for cyberattackers to crack and elicit this account data.

Credit card information was stored on a separate system and there is no evidence this data was exposed or stolen.

Stone commented:

"Although current passwords are stored salted and encrypted, we are accelerating our move to stronger password encryption at the same time in order to minimize disruption.
In order to safeguard the system, we will force all users with older password encryption to change their passwords."

This month, cPanel pushed new builds of the management system which patched numerous vulnerabilities within cPanel & WHM. Some of the security flaws patched resolved bugs which could allow attackers to remotely execute code, potentially leading to system damage, surveillance and data theft.

"It is important to highlight that this incident was not related to cPanel products or the Targeted Security Release published on January 18th," Stone says.

As cPanel systems undergo improvement, users will be asked to reset and change their credentials.

2016: The best high-end laptops for business users

Read on: Top picks

Editorial standards