A major incident wiped data on Web Hosting Canada servers


Canadian web hosting company Web Hosting Canada (WHC) reported an incident that severely disrupted operations on Saturday. The WHC CEO's description of the incident points to a disgruntled third party.
WHC, boasting over 60,000 clients, announced it ran into a major incident on Saturday. The availability of web hosting and reseller hosting accounts on WHC systems in its Montreal datacenter was affected.
“We currently have all hands on deck working on the problem but the situation is serious,” the company claims. CyberNews tried to contact the company, but no answers have been provided so far.
WHC is restoring data on four servers. However, five WHC servers have had their backups partially or completely destroyed, with the company admitting that information hosted there has a ‘low likelihood of data recovery.’
“Our initial attempt to repair the data on our backup servers has failed and at this point the likelihood of successfully restoring account data from these servers is very low,” WHC wrote in an update of the incident.
Since the incident was reported on a weekend day and backup servers were damaged, this might point to the incident being a malicious attack.
Hackers tend to strike on weekends and holidays, since the majority of IT employees are either on leave or at home, which hinders a fast response to an attack. Even if some personnel are on premises, it’s highly likely there are fewer people working during the off days.
Many major attacks happened in a similar fashion: Kaseya was recently hit just before the July 4 celebration, the SolarWinds hack was carried out just before Christmas last year, and in 2013 hackers breached Target data centers just before Thanksgiving.
The destruction of backup servers is a technique employed by ransomware cartels for use in extortion. Crime cartels destroy backups and hold the stolen information hostage, demanding that owners pay if they want to get it back.
According to Dave Hatter, a cybersecurity expert at IntrustIT, the way WHC covered the incident does resemble a malicious attack.
"While I suppose it could be something else, it looks like a ransomware attack to me," Hatter wrote to CyberNews in an email.
At the time of writing this article, WHC did not specify whether the incident was caused by an attack, a system malfunction, or something that caused physical damage to the affected servers. Recent weather conditions, however, do not point to any extremes in Montreal on Saturday.
Since Web Hosting Canada did not provide any information on the cause of the incident, angered clients have been speculating on social media, with theories ranging from electrical damage to a rogue former employee.
Unauthorized access
After the article was published, WHC's founder and CEO, Emil Falcon, released a blog post explaining the situation.
According to him, an individual with a third-party service provider used their privileged account access to connect to one of WHC's datacenter's management portals.
"Without authorization, [the individual] initiated server reimaging on some of our backup servers, then on some of our production servers," Falcon writes.
Production and backup servers were damaged due to the incident, with many web hosting and reseller hosting accounts being affected. Some Web Hosting Canada clients lost their data permanently.
The article was updated on 31 August.
Comments
We need to solve this problem together! At the very least – demand compensation!
It is negligent on their part, and now I have to wait as I cannot go to any other hosting company until it is up and running.
They lie about their service, such a pity.
Had WHC contracted with even a rudimentary Offsite Backup & Storage company, this whole disaster would have been averted, as no inside man from WHC would have been able to delete the core 3rd-party backups from a remote site, and it would have been a matter of hours (for the big clients) or days (for the little fish) to get back online.
WHC is like a retail landlord having no fire alarms, no fire insurance, no link to the fire department, and no working fire extinguishers, and then pointing the finger at someone else when all the retail stores burn down to the ground.
I also agree with a previous comment that WHC is clearly negligent in their duties, have lied about offsite backups, and will be sued back into the stone age.
This is scary…
https://whc.ca/blog/major-incident-what-happened/
All my “REAL” clients are with another web hosting company in Montréal. You pay more than WHC but you get complete redundancy and top security. (Even if nothing exposed to the web is really secure)
WHC seems really vague on what was the exact cause of this monumental failure.
Luckily for my friend, I always have a local clone and backup files on my personal server. I know that many people just lost a lot more.
Sincerely sorry to all of them…
I chose WHC way back because they are local, good price and service, and they have a terrestrial address, meaning they don’t hide behind a wall.
Even lacking details, I empathize with the major hassle they are dealing with. I wish them victory.