A hacking group that identifies itself as National Hackers Agency (NHA) has hacked at least 605 websites hosted by the UK hosting company DomainMonster after gaining access to one of their servers. The attack occurred on February 21, 2017.
DomainMonster provides services like website building, web hosting, and domain registration. All of the hacked sites were hosted on the IP 18.104.22.168 registered to DomainMonster.
The hacked sites were online for about 24 hours before the company fixed the issue. While DomainMonster acknowledged the attack, they offered no explanations whatsoever. All of the affected websites are now up and running so it is possible that DomainMonster has fixed the flaw.
While services have been restored, data stored on these servers should now be considered compromised or even stolen. Hackers often steal data and sell it in underground markets. In the following days, NHA launched fresh attacks on Russian domains. Security experts believe that site defacements are a bit like ‘digital graffiti’. These attacks typically affect one website at a time; however, sometimes the group manages to deface several websites by exploiting a major security flaw. In the months of January and February this year, several hacking groups managed to deface more than 1.5 million websites by taking advantage of security flaws in WordPress CMS.
Customers are advised to learn from such attacks and stay safe from hackers by using a trusted VPN service. A VPN routes the data through another connection, which makes it safe from hackers as well as government agencies.