We have had a break-in in our systems on the night of 17 October, where customer data leaked.
Leaked data contains an overview of our customers' domainnames and email addresses.
Leaked data about email users contains:
- Email addresses associated with the user
- Password (encrypted)
- User description
Even though all passwords are encrypted, it may only be a matter of time before they may be compromised.
We are therefore notifying all email users that they must change password by 20 October at 16:00.
Users who have already changed their password 18 October or later do not need to change passwords again.
Domain administrators are also notified separately via email, both to their primary and secondary address.
Email users may change their passwords via webmail until 20 October at 16:00.
Administrators may already change passwords for their users as follows:
- Login from our front page
- Click on "My domains"
- Click on the domain in question
- Click on "Email" on the top menu
- Scroll down to "Email users"
- Click on the email user you want to change password for
- Change the password, feel free to use our "Suggest password" button
See also our FAQ about email administration.
If the end user has used the same password in other places, the password should be changed there as well.
We apologise profusely for this security breach and the inconvenience caused to our customers and their users.
Our customer service will assist administrators who cannot login to their control panel.
We humbly ask for understanding that reaching us via phone may be difficult, and that it will take us longer than usual to answer emails.