We are writing to provide a clear update regarding the incident affecting your service.
A vulnerability in the platform we use (Virtualizor) allowed an attacker to gain access to our LA VPS nodes where your VPS was hosted. As a result, the attacker damaged the disk associated with your VPS, and the data on it is irrecoverable.
We are currently rebuilding the affected nodes and preparing the platform for service re-installation, so that users will be able to reinstall their VPS and deploy their own backups in order to get back online.
Further information on when servers will be ready for re-installation will be communicated to affected users via email.
Actions and precautions taken;
To prevent similar incidents in the future, the following measures are being implemented:
- All affected nodes and hypervisors are undergoing fresh OS installations to remove any backdoors or residual traces.
- Existing firewall policies and IP-level blocking are being revised and deployed.
- All access keys, passwords, and tokens have been fully refreshed.
- A migration away from Virtualizor to a different, in-house platform is being implemented and will begin next month.
Data and security clarification;
- The attacker does not have access to your VPS data.
- No customers' personally identifiable information was compromised.
- No billing or payment information was compromised.
- The incident was isolated to the VPS management platform (Virtualizor) / LA VPS products and did not affect our billing systems, customer databases or other product lines we offer.
We sincerely understand the impact this incident has caused and appreciate your patience while we work to restore service availability.
For transparency and ongoing updates, a detailed incident report and progress updates are available on our status page (https://status.cloudcone.com/), which is our central communication channel for this incident.
To help manage communications and prevent system overload, this ticket has been temporarily locked; all further updates regarding this incident will be shared via the status page and email.
