From: "Customers" <support () hostrocket com>
Reply-To: "Customers" <support () hostrocket com>
To: sleeping_bum () hotmail com
Subject: An Important Message From HostRocket
Date: 23 Nov 2001 17:58:18 -0000
Received: from [220.127.116.11] by hotmail.com (3.2) with ESMTP id
MHotMailBDC7E58700AC4004315742A24078B7A80; Fri, 23 Nov 2001 10:50:48 -0800
Received: (qmail 17365 invoked by uid 99); 23 Nov 2001 17:58:18 -0000
From support () hostrocket com Fri, 23 Nov 2001 10:51:26 -0800
Message-ID: <20011123175818.17364.qmail () host20 hrwebservices net>
Errors-To: "Customers Administrator" <support () hostrocket com>
List-Owner: <support () hostrocket com>
List-Software: Mojo Mail 2.5.1 http://mojo.skazat.com
You are receiving this letter because you either are a current or a past
customer of HR Web Services (HostRocket.Com). The letter below details to
you the specifics of the situation including what has happened, what is
being done to remedy the situation and prevent its reoccurrence, and what
you the customer need to do.
A security hole found in a 3rd party billing software package used by us to
manage our customer billing which has had no known security holes until
this date was exposed, and the possibility arose that this information may
have found its way into the hands of people who should not have it, despite
our use of both SSL and heavy encryption. We have no confirmation that
this information is in the hands of anyone with any malicious intent
towards our customers at this time, however the possibility may exist in
the future. We cannot release the details of what program it was etc. yet
as there are many other hosts out there that run the same software package
whoÂ’s information will need to be protected as well.
What We Did:
Immediately upon the discovery of the intrusion we disabled the affected
systems to prevent the possibility of further access. We then immediately
contacted the credit card processing companies involved to make them aware
of the possibility that the card info was compromised. They assured us
that the card issuing banks would be notified immediately about the
situation, and it will be up to their discretion whether or not there is a
large enough threat posed by this to warrant canceling the cards and
issuing replacements. They also reminded us to remind you the consumer
that you are not and would not be responsible for any fraudulent
transactions that might occur on your card in a worst-case scenario.
The details regarding this policy implemented by Visa are located at:
The details regarding this policy implemented by MasterCard are located at:
What We Are Doing Now:
The billing system was heavily modified to be more secure and moved to a
new more secure server in a new physical location and locked down with no
outside connection to the general Internet available for the affect backend
system, which has also been completely recoded. Along with this, all
account passwords have been changed and new passwords sent to all current
HostRocket customers. Other security policy changes are as follows.
-3 digit confirmation code on the back signature panel of all cards to be
submitted with new orders.
-All new orders to be confirmed by a live person on our staff before
-All telnet access to all hosting servers and requiring customers to use
SSH (secure shell).
-IDS (intrusion detection systems) are being installed on all of our
These additional security measures are to help cut down on possible
security breaches on other servers of ours in the future.
What You The Customer Should Do:
All affected customers should contact their credit card company to see if
they feel that the card should be placed on hold. Check to make sure that
you have received your new login and password information which should be
coming shortly after this email, and that the login and password work for
your account. If they do not work, please contact us for immediate
resolution of any account access problems.
We at HostRocket apologize repeatedly for any and all inconvenience this
will cause everyone involved. We have hired additional staff to help with
the expected influx of support and to finish up our own in house billing
system which we have coded from the ground up and know to be secure. We
greatly appreciate your understanding and continued support, and look
forward towards working both for and with you to improve our services to
you and your websites alike during the coming years.
-The HostRocket Team
To unsubscribe from: Customers, just follow this link:
http://18.104.22.168/cgi-bin/mojo.cgi?f=u&l=Customers&e=sleeping_bum () hotmail com&p=8233
Click the link, or copy and paste the address into your browser.