Cloudways Hosting Provider Hacked September 2019
Edit: An update has been provided by Cloudways – 10/09/2019 @ 14:23: Read to the end
It has come to our attention that Cloudways, the hosting provider trusted by millions, is suspected of being hacked.
At the time of writing, the extent of the hack is not clear and it has not been confirmed by Cloudways. Knowing the Cloudways team, they probably have this well under control.
If you receive an email from Cloudways with a zip attachment: DO NOT OPEN IT!
Cloudways customers (including us) are reporting emails being sent from “firstname.lastname@example.org” with the subject “Re: Cloudways- Your servers will be STOPPED (unpaid invoice)”.
The email is especially convincing due to Cloudways having a common issue where payments were wrongly declined, so genuine versions of this email are common.
If you host with Cloudways – change your password
If you receive the above email, the best thing you can do until we have more details:
- Log in at cloudways.com
- Change your password
- Visit the invoices page and double check that you don’t have any outstanding invoices
Update: 10/09/2019 @ 14:23
Cloudways reached out (asking for this blog to be taken down of course) and confirmed the hack. I am being told that none of their servers have been compromised which is great news. I’m also told that they acted quickly to shut down the email address in question.
A Cloudways employee’s computer was apparently hacked and a list of customers was obtained. I’m told that no customer details were obtained, but clearly names and emails were, and you’d presume account numbers too, as the hacker forwarded previous genuine emails from the Cloudways team.
I am told by Cloudways that out of their 20,000+ customers only 50-60 were affected and that they’d only received 35 complaints. I am told that all affected customers were sent an email explaining the exploit, but to date neither of my accounts has received an email, which is disappointing.
It sounds like there’s not too much to be concerned about, apart from your email address being out there now on the spam lists. As a confirmed Cloudways user you should now be extra wary of phishing attempts using this data, but on the whole there should not be any additional concerns. I have personally had a large spike in the number of scam emails received in the last 48 hours, but hopefully that will die down now.