© 2021 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

A major incident wiped data on Web Hosting Canada servers

16

Canadian web hosting company, Web Hosting Canada (WHC) reported an incident that severely disrupted operations on Saturday. WHC's CEO description of the incident points to a disgruntled third party.

WHC, boasting over 60,000 clients, announced it ran into a major incident on Saturday. The availability of web hosting and reseller hosting accounts on WHC systems in Montreal datacenter were affected.

“We currently have all hands on deck working on the problem but the situation is serious,” the company claims. CyberNews tried to contact the company, however no answers were provided so far.

Without authorization, [the individual] initiated server reimaging on some of our backup servers, then on some of our production servers,

Emil Falcon.

WHC is restoring data on four servers. However, five WHC servers have had their backups partially or completely destroyed with company admitting information hosted there has ‘low likelihood of data recovery.’

“Our initial attempt to repair the data on our backup servers has failed and at this point the likelihood of successfully restoring account data from these servers is very low,” WHC wrote in an update of the incident.

Since the incident was reported on a weekend day and backup servers were damaged, this might point to the incident being a malicious attack.

Hackers tend to strike on weekends and holidays, since majority of the IT employees are either on leave or home, hindering fast response to an attack. Even if some personnel is on premise, it’s highly likely there are less people working during the off days.

Many major attacks happened in a similar fashion: Kaseya was recently hit just begore July 4 celebration, Solarwinds hack was carried out just before Christmas last year and in 2013 hackers breached Target data centers just before Thanksgiving.

The destruction of backup servers is a technique employed by ransomware cartels for use extortion. Crime cartels destroy backups and hold the stolen information hostage, demanding owners to pay if they want to get it back.

According to Dave Hatter, a cybersecurity expert at IntrustIT, the way WHC covered the incident does resemble a malicious attack.

While I suppose it could be something else, it looks like a ransomware attack to me,

Dave Hatter.

"While I suppose it could be something else, it looks like a ransomware attack to me," Hatter wrote CyberNews in an email.

At the time of writing this article, WHC did not specify weather the incident was caused by an attack, system malfunction or whether something has caused physical damage to the affected servers. Recent weather condition, however, do not point to any extremes in Montreal on Saturday.

Since Web Hosting Canada did not provide any information on the cause of the incident, angered clients have been speculating in social media with theories ranging from electrical damage to a rogue former employee.

Unauthorized access

After the article was published, WHC's founder and CEO, Emil Falcon, released a blog post explaining the situation.

According to him, an individual with a third-party service provider used their privileged account access to connect to one of WHC's datacenter's management portals.

"Without authorization, [the individual] initiated server reimaging on some of our backup servers, then on some of our production servers," Falcon writes.

Production and backup servers were damaged due to the incident, with many web hosting and reseller hosting accounts being affected. Some Web Hosting Canada clients lost their data permanently.

The article was updated on 31 August.


More from CyberNews:

ULA email leak: internal emails allege smear campaign against SpaceX and Elon Musk

How Solarpunk and its radical optimism is changing the world

Retros of the lost age: vintage computers from the East

Microsoft warns thousands of cloud customers of exposed databases

Caught in a crossfire: how your data ends up on criminal forums

Subscribe to our newsletter


Comments
Alex
Alex
prefix 16 days ago
I don’t want to put up with saying “the site can’t be restored, sorry”.
We need to solve this problem together! At the very least – demand compensation!
Terry joice
Terry joice
prefix 16 days ago
I remember asking them about backups. I was told they were safe and separate from main server. I guess I am rebuilding everything from scratch but I got feeling it won’t be with whc
Remrihk
Remrihk
prefix 14 days ago
this is sad to hear. I will be transitioning to somewhere or better yet just focus on creating a stable server instead to host my client websites...
Nancy Prokosh
Nancy Prokosh
prefix 16 days ago
My website has been down since Saturday. I cannot get any answers, nobody to discuss the pending situation with and no time frame as to when it will be back up. This is damaging my online business. I receive repetitive emails from WHC support saying they will get it back up, but I do not think that is possible. Here I sit, with no online business, wondering what am I going to do?
It is negligent on their part, and now I have to wait as I cannot go to any other hosting company until it is up and running.
They lie about their service, such a pity.
Joe Danger
Joe Danger
prefix 16 days ago
The major problem with WHC is that they were clearly cutting corners and don’t even have a basic Offsite Backup system in place. This is both alarming and extremely negligent, especially as WHC promoted the fact they had remote backups in case of mishap, which in reality, was just an extremely vulnerable local backup server in the same location.

Had WHC contracted with even a rudimentary Offsite Backup & Storage company, this whole disaster would have been averted, as no inside man from WHC would have been able to delete the core 3rd-party backups from a remote site, and it would have been a matter of hours (for the big clients) or days (for the little fish) to get back online.

WHC is like a retail landlord having no fire alarms, no fire insurance, no link to the fire department, and no working fire extinguishers, and then pointing the finger at someone else when all the retail stores burn down to the ground.

I also agree with a previous comment that WHC is clearly negligent in their duties, have lied about offsite backups, and will be sued back into the stone age.
John Cerpnjak
John Cerpnjak
prefix 17 days ago
Yeah, Web Hosting Canada’s response to the crisis was extremely poor. I had a number of websites and business email addresses on one of the servers considered low likelihood of recovery. They provided no communication. I only found out all my websites we’re down from the Jetpack plugin on WordPress sending me email notifications. Extremely frustrating to have all that data (the years and years of work that I’ve put into my websites) to be deleted. At the time of writing this, WHC has taken no responsibility to explain what happened or how it happened, or how their clients will be compensated for the destruction of their data and digital properties.
Greg Honnold
Greg Honnold
prefix 16 days ago
I’m basically in the same boat. Months of hard work and development cost seemingly flushed down the drain. I’m honestly still in denial.
Mathieu Davidson
Mathieu Davidson
prefix 17 days ago
They’ve updated their site, it seems that the problem was within. A third party had access to all the servers. Did this mean that a third party of WHC could have gained access to the information in my database.

This is scary…

https://whc.ca/blog/major-incident-what-happened/
Patrick
Patrick
prefix 17 days ago
First time I see a situation like that in 20 years building websites. I’m lucky that it’s only one website (belonging to a friend) that was on one of the servers that will NOT be recovered.
All my “REAL” clients are with another web hosting company in Montréal. You pay more than WHC but you got complete redundancy and top security. (Even if nothing expose to the web is really secure)

WHC seems really vague on what was the exact cause of this monumental failure.

Luckily for my friend, I always have a local clone and backup files on my personal server. I know that many people just lost a lot more.
Sincerely sorry to all of them…
Canacor
Canacor
prefix 17 days ago
We’ve been hit heavily by this; 2 digital assets completely compromised with another one declared terminal (no chance of recovery). As we are dealing with the aftermath many businesses like ours are scrambling for contingencies. At this point it is fair to say that unfortunately for WHC their business is done.
Andrew
Andrew
prefix 17 days ago
I found my site was down by Aug 29th and next day I did get an email from WHC.
I chose WHC way back because they are local, good price and service, and they have a terrestrial address, meaning they don’t hide behind a wall.
Even lacking details, I empathize with the major hassle they are dealing with. I wish them victory.
peter
peter
prefix 17 days ago
I was about to move my sites from Siteground to WHC. I have an account and several clients on WHC and will probably recommend that they move off. The outage isn’t the reason, it’s the very poor response. They now have an update timestamped at 11pm yesterday, oddly it wasn’t there at 5am today. Their 10am update is basically useless.
John Fuller
John Fuller
prefix 17 days ago
Web Hosting Canada didn’t even have the common courtesy to send out emails to clients affected by this outage. All of us affected only found out by either friends letting us know that our websites were down, or in my case, not having any incoming emails for 2 days and looking into what’s happening. In addition to this, WHC placed a temporary “Sorry” page on all of the websites that were down, hinting that this was the customer’s fault for things such as failure to properly set up the IP address or DNS server or moving. WHC didn’t even own up to their server failure.
Barrington Gator
Barrington Gator
prefix 16 days ago
I agree – sue the pants off the negligent twats.
Linda Rogers
Linda Rogers
prefix 12 days ago
The way they handled this was the worst. It's a harsh truth but never trust anyone else's backups. They are a nice extra safety net but be sure to make your own too.
frank
frank
prefix 16 days ago
Strange cause I have the most basic web hosting package and yet did see an email being sent out informing me of the issue. The only problem is that the email address they had was my own domain and I thus never got it cause I guess they disabled the servers.
Leave a Reply

Your email address will not be published. Required fields are marked