Montreal web hosting provider Web Hosting Canada (WHC) has revealed the cause of this weekend's major failure.
In a blog post, founder and CEO Emil Falcon said the issue was caused by unauthorized activity by a third-party service provider.
“Based on our investigation to date, on the morning of August 28 at around 6 a.m., an individual with a third-party service provider used their privileged access to their account to log into one of the management portals from our data center and, without authorization, started server reimaging on some of our backup servers and then on some of our production servers,” he wrote on his blog.
“Within hours, our incident response team had identified the problem and disabled access to the source account, preventing further damage. The environment was secure, the individual completely locked down, and our disaster recovery plan immediately kicked in, but the damage was already done.”
He said both production and backup servers have been affected, leading to data loss that may be permanent for some. A “large number” of web hosting and reseller hosting accounts were affected; Falcon said his team have been able to recover, or are in the process of recovering, more than half of the lost accounts.
“We can confirm that the WordPress Cloud, Dedicated, Weebly and Managed accounts were largely unaffected,” he added.
Some unrecoverable data
However, he said, several production servers and their backup servers are still unrecoverable by his team, and the data recovery specialists he hired believe the likelihood of recovering them is low. While their efforts continue, he has focused on creating new accounts for affected clients.
For customers with their own local backups, he advised contacting WHC’s support team, who will help them get the sites up and running. Those who don’t have local backups should start from an empty account. For them, WHC has activated new “LifeBoat” hosting accounts, accessible from the Client area, which will remain free until at least January 1, 2022.
Update: By Contributing Journalist Howard Solomon
The head of a Quebec company that uses WHC, who asked not to be identified, said his company had lost three to four months of data as well as copies of websites he manages. His company's most recent local backup is three months old.
It will take time to recover. “It might take a couple of days, we’ll put some work into it, get back on our feet and get our websites up and running.” But, he added, those without local backups will have problems.
“I’m more disappointed than nervous,” he said. So far he has been satisfied with the service he received from WHC. “They were on the ball,” he said.
It was on Sunday, when he realized he was not receiving any new emails, that he suspected there was a problem. He went to WHC’s support chat page and saw that there were already several dozen queries online. It wasn’t until he called the hotline and heard a recorded message that he learned of the seriousness of the incident.
Data destruction, he said, is as bad as a ransomware attack.