Website hosting provider cPanel is calling on some users to change their passwords after it informed them on Friday that hackers compromised one of its technical support department’s servers. The hosting provider does not know for certain the extent of the hack or what, if any, information was stolen during the compromise.
The advisory came in the form of an email alert that was posted on a WHMCS forum. It was sent only to customers that had opened service-request tickets with cPanel’s support staff in the last six months. Other members of the forum reported receiving the same email.
The hosting provider urges the recipients of the email alert to change their root level passwords if they have not been using SSH keys and to change their account passwords if they are using unprivileged accounts with “sudo” or “su” for root logins.
As for customers that are using SSH keys, cPanel advises that they rotate those keys on a regular basis.
“As we do not know the exact nature of this compromise we are asking for customers to take immediate action on their own servers,” the alert recommends. “cPanel’s security team is continuing to investigate the nature of this security issue.”
We reached out to cPanel over the phone but they were not readily available to answer questions or comment on the situation. However, a company spokesperson did confirm via email that a compromise took place and that cPanel’s security team has launched an investigation.
The spokesperson also informed us that cPanel plans on publishing a blogpost containing details about the compromise tomorrow. We plan on publishing an update once cPanel provides us with more information.