A hacking attack on web host Fasthosts has forced the UK firm to shut down some of its customers' websites. Hackers targeted Fasthosts' database, which contains the financial details, email addresses and passwords of over a million businesses for which Fasthosts hosts websites. Whether or how the thieves have used the stolen data is not yet known.
On November 29 Fasthosts had to shut down a number of its customers' websites and sent them new control panel and FTP passwords by post. This happened after some companies failed to change their passwords when the web hosting firm advised them it had discovered a network intrusion on one of its servers.
The firm still has to reset unchanged email passwords, which it has advised customers it will do on December 13.
The company said it carried out a system-wide external security audit and that the password reset had been urgent because "a very small number of customers who did not change their passwords had experienced a compromise to their FTP space".
Commentators have suggested that those Fasthosts customers lost vital custom on the run up to Christmas, as their websites were inactive until they received their new passwords by post.
Sal Viveros, an analyst at security firm McAfee, said it was "not a small-scale attack by any stretch of the imagination" and that the hackers could have accessed the entire database. Confidence in web hosting firms as a whole would be much lower as a result of this incident, he said.
McAfee advised companies worried about the fallout of the attack to take the following security measures: update their antivirus and antispyware software, install personal firewalls, regularly install update patches, avoid opening email attachments from unrecognisable sources, choose an internet service provider that offers email and content filtering, and change passwords regularly.