Hackers gained access to the OVH.com database

According to an official source , a few days ago, the internal network of the French OVH office in Roubaix was compromised. The email account of one of the administrators was hacked, with the help of another employee he got access to the internal VPN and from there the attackers got to the account of another system administrator who had access to the back office.

The attackers gained access to personal data of European customers, which list includes the name, surname, passport number, home address, telephone number and encrypted password. Credit card information was not retrieved because it is not stored in OVH.

Despite the fact that the passwords were encrypted using the SHA-512 algorithm using salt, all customers are recommended to change their passwords.

Also, hackers entered the server issuing system in Canada and could get access to client servers, if the latter did not delete the OVH SSH key from its server and did not change the root password. All the "lucky ones" on this list were sent letters with new passwords to access the server.
')
In connection with this incident, necessary measures were taken, including enhancing the security level for employee access to particularly critical data. Now to filtering by ip and access by password, USB token YubiKey was added.