
Now at first you might think, well, this is just a ransom scam, the sort of “fake breach” emails that circulate regularly.
However…the emails appear fully authenticated, with SPF, DKIM, and DMARC, and were sent through Blesta’s own infrastructure. Eeek.
We should caution that just because someone compromises an email system does not mean they’ve compromised everything. But if what the email claims is true, this is potentially catastrophic. Blesta is a popular billing system, and holds customer data, API keys, automation info, and more. If Blesta is compromised, this breach could cascade very widely.
No word from Blesta yet.
Thanks to RackNerd for alerting us to the news!
The community is talking about the potential security issue on LowEndTalk.
Update: Blesta Responds
Dear Customer,
We are writing to inform you of a security incident affecting portions of our internal infrastructure.
On June 25, we created a temporary support account for a third-party virtualization software vendor in connection with an active support request. We have since determined that an unauthorized party gained access using those credentials before the account password was changed that evening. The incident is currently under active investigation.
The unauthorized individual used that access to send an email through our customer portal to a limited number of customers claiming that our systems had been compromised and threatening to publish customer data unless a ransom was paid. That email was unauthorized and was not an official communication from Blesta.
Upon discovering the unauthorized activity, we immediately disabled the affected account, secured impacted systems, revoked unauthorized access, preserved forensic evidence, and began a comprehensive forensic investigation into the scope of the incident.
Our investigation remains ongoing. We are reviewing system logs, server images, and other forensic evidence to determine what systems and information may have been accessed. Many people are asking if their Blesta installations are safe. At this time, we have found no evidence that the incident involved a vulnerability in the Blesta software itself.
We understand that this incident is concerning, and we sincerely apologize for the uncertainty it has caused. We are committed to keeping our customers informed throughout the investigation and will provide additional updates as verified information becomes available. If we determine that any customer-specific action is necessary, we will contact affected customers directly.
If you have any questions, please contact our support team.
Thank you,
The Blesta Team
The post Blesta Hacked – Ransom Gang Threatens to Leak Customer Details Tomorrow appeared first on LowEndBox.