IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Exclusive: 123-reg suffered serious security lapse while deleting 67 servers

Customers could see each other's accounts after faulty script erased their data

A padlock on a motherboard surrounded by keys

123-reg customers could see each other's account data as a coding error erased numerous businesses and websites across the UK.

The UK's largest web hosting provider suffered a catastrophic failure on Sunday that saw 67 of its servers wiped completely, erasing people's entire businesses in the process.

It also experienced a serious security blunder, allowing some users to see into each other's accounts.

IT Pro's sister site Cloud Pro was exclusively contacted by a number of 123-reg customers who presented evidence of having been redirected to other people's accounts when they tried to log into their own admin panels.

123-reg has since confirmed that an incident took place, but denied that people's personal or sensitive information was exposed, adding that it has voluntarily contacted the Information Commissioner's Office (ICO).

"There was a brief period of time where a minority of 123 Reg customers were able to see another customer's ticket information while logged into the ticket system," the company told Cloud Pro. "During the time in question, a logged in customer was not able to access any other customer's 123 Reg control panel, where product configuration and sensitive information is stored."

"We have put technical measures in place to ensure this does not happen again. Our customer support teams are also invoking additional security measures when dealing with customer information. We are confident that no sensitive data was accessed nor that there is any risk to our customers information," it added.

However, this is contrary to what Cloud Pro has been told by customers, who said that from the control panel, they were immediately able to see another customer's full name, support tickets and a significant amount of personal and sensitive information contained within them, including some billing details, IP addresses, and password notifications.

"I was able to see someone else's account, behind login on the 123-reg support website. Their session management broke for 10 minutes. This is about as serious as it gets," a Cold Fusion specialist and 123-reg customer, who wished to remain anonymous, told Cloud Pro.

Another developer and 123-reg customer, James Tanner, claimed the security lapse went on for up to 30 minutes.

"I could see all [the other customer's] tickets, and the personal information within tickets that she had shared," said Tanner.

"I believe there could've been potential to exploit further but I wasn't prepared to push it and see," he added.

The majority of customers who have contacted Cloud Pro have been informed their data is lost forever unless they have a separate backup.

One business, Free Motor Legal, had its website and email restored this morning, but managing director, Lee Jones, said the company will still move away from 123-reg.

"Following an unsatisfactory response with ultimately no guarantee our site can be restored by 123-reg, I have ... moved host company and we are actively moving our site and facilities to another provider this," said Jones. "We are internet based and therefore [had] no way of communicating with new clients and members as currently we do not exist from search results on Google, where we typically appear on page one."

"Thankfully no [was] data stored with them. [The] site has been restored by them now and full function returned. Regardless I am shifting host company due to loss of confidence," he added.

The ICO told IT Pro: "We're aware of an incident and are making enquiries."

This article was originally published on 20/04/2016 and was subsequently updated on 21/04/2016 with 123-reg's response.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Microsoft successfully tests emission-free hydrogen fuel cell system for data centres
data centres

Microsoft successfully tests emission-free hydrogen fuel cell system for data centres

29 Jul 2022