Update on DNS hijack of leaseweb.com website

As one of the largest hosting providers in the world, with almost four percent of the entire global IP traffic under our management, LeaseWeb continuously combats cybercrime in its many forms, dealing swiftly and professionally with any detected malicious activity within its network. Last weekend the leaseweb.com website was unfortunately a direct target of cybercriminals itself. For a short period of time some visitors of leaseweb.com were redirected to another, non-LeaseWeb IP address, after the leaseweb.com DNS was changed at the registrar.

This DNS hijack was quickly detected and rectified by LeaseWeb’s security department. Although it seems to have had only superficial effects, we seriously regret that this event happened. Our security investigation so far shows that no domains other than leaseweb.com were accessed and changed. No internal systems were compromised. One of the security measures we have in place is to store customer data separately from any publicly accessible servers; we have no indication that customer data was compromised as a result of this DNS hijack.

DNS hijack, overview of services affected

The unauthorized name server change for leaseweb.com took place at our registrar on Saturday 5 October, around 19:00 hours CET / 1 PM EST. While the hijack was soon detected and mitigated, it took some time before our adjustments in the DNS cache were propagated across the internet. During this period the following systems and services were affected:

  • Some visitors of http://www.leaseweb.com were redirected to a non-LeaseWeb IP address
  • E-mails sent to @leaseweb.com addresses during the DNS hijack were not received by LeaseWeb
  • Domain name registration and server reinstallation via our Customer Portal were disabled

Preventing future incidents

Details of how exactly the hijack could have happened are not yet 100% clear at the moment of writing. Some media mentioned that a vulnerability in WHMCS software might have been the culprit, but this cannot be the case. LeaseWeb uses its own in-house developed software for its customer panel, which does not seem to have been part of the security issue. Right now, it appears that the hijackers obtained the domain administrator password and used that information to access the registrar. We will continue to investigate this incident thoroughly and take decisive action accordingly.

At LeaseWeb we take security and cybercrime prevention very seriously. By partnering with various third parties through our Community Outreach Project, we are often able to stop cybercrime in its tracks. In addition, our security teams continuously research, implement and upgrade a broad variety of security systems and protocols to prevent any attacks from doing harm. These measures go beyond technical solutions. For example, as part of our continued ISO27001 security certification maintenance, all our staff receive regular security awareness training.

We sincerely apologize for any inconvenience this unfortunate event might have caused. Security will always be a battle between good and evil, with one trying to outsmart the other in whatever way possible. We will learn from this incident, intensively review our security systems and protocols, and adjust where necessary.

If you have concerns, our customer service is available to answer any questions you might have.
