This article first appeared in New Scientist.
The following is a reprint of an article originally published on March 5, 2018.
Earthlink webhosting says it has been hit with a massive cyberattack that has stolen personal data, including names, email addresses and passwords.
The company said on Monday that it had been breached in May by hackers who used phishing email messages and a compromised website to take over accounts.
“We are working with the authorities to ensure our systems are safe,” said Earthlink’s chief technology officer David Leggett.
The hackers took control of the company’s servers, including the email server, which stored the company name and email address.
“It was an aggressive and highly sophisticated attack that we had not anticipated, and we took action,” said Leggett.
Leggett said the company had been alerted to a cyberattack last May, which the company said was “very significant”.
It was the first such attack on Earthlink in 18 years.
“The attack on the company affected more than a billion IP addresses and millions of user accounts,” Leggett said.
The attackers used an open source web application called Xtronix, which allowed them to take control of an Earthlink domain.
The attack was discovered by the company last week.
The criminals used the name and IP addresses of some 1.3 million accounts, which they could use to make other attacks, including phishing emails and attempts to get people to visit a site they had never visited.
The email addresses were all linked to a single email address, which was used by Earthlink users to send the phishing message.
The phishing messages were not targeted at Earthlink, but the attackers were able to use the addresses to make the attack appear legitimate.
“This attack is a serious and serious breach of our network security,” said Bill Schulman, the chief executive of the Information Security Trust, an organisation that monitors data breaches.
“Our systems were designed to prevent such an attack and we are deeply sorry that we were not able to detect it before it happened.”
In a statement, Earthlink said the attack had affected all of its customers’ websites.
“Earthlink has been working with law enforcement and other government partners to investigate the incident and to protect our customers from any further damage,” the statement said.
“To this end, we have taken the decision to stop all customers from accessing our websites until we are confident that the incident is under control.”
The company’s website was also hit.
“As a precaution, all of our websites are offline,” it said.
In a second email, Earthlink said the hackers had also accessed its system log files, which included information on what websites had been visited and what devices had connected to Earthlink.
“Unfortunately, EarthLink’s network has not been fully secured for some time, and this may have led to a breach,” it wrote.
Leggett said that, in some cases, Earthlink’s servers could have been affected by the attack.
“If you have an account at EarthLink and you have the same IP address that you use for Earthlink as well as the same DNS server, the attacker can be able to access your account, log in and steal your information,” he said.
Leggett’s company, which is based in New York, said it had received no indication that the attack was being directed at other businesses or individuals.
Earthlink’s chief executive told the BBC the company was “committed to providing our customers with the highest levels of security and privacy”.
“The risk of data loss and compromise is extremely high when you have systems that are open and that can be used by anyone,” he added.
“So we are working closely with our partners at the National Crime Agency, the UK Police, our law enforcement partners and the US government.”
The US Federal Bureau of Investigation (FBI) and National Security Agency (NSA) are investigating the attack, which it said was carried out by the same group.
Leggett’s comments come as other US internet firms have come under increasing cyberattack.
In May, Amazon announced that it was closing all of the US’s major retail websites after the attack of a Chinese man who was able to hack into the accounts of at least 500,000 US customers.
The hacker, who is believed to have access to the Chinese state-owned internet giant, used the same email addresses used by the US.
“That was not an isolated incident,” said the FBI’s chief cybersecurity officer, David Kroll.
Leggett said that it would be “premature” to assess whether there was a link between the attack on Amazon and the attack that had taken place at Earthlink.
“Anytime someone with access to a large scale system can change the password for an entire retail store or large organisation, that could have a significant impact on people’s ability to operate.”
He said that