cPanel has announced that it will require its users to change their passwords following a breach into one of its user databases.
Aaron Stone, Director of Internal Development at the popular web hosting control platform management tool provider, explains in a statement that cPanel’s security team was able to interrupt the breach but that personal information might have been compromised.
“The customer contact information that may have been susceptible is limited to names, contact information, and encrypted (and salted) passwords,” Stone reveals. “Please note that our credit card information is stored in a separate system designed for credit card storage and is not impacted by this possible breach.”
As of this writing, cPanel has not provided any information regarding how the breach occurred.
Stone has been careful to point out, however, that the incident is unrelated both to its products and to the Targeted Security Release it published earlier in January, an update which fixed numerous issues in the cPanel and WebHost Manager systems that could have allowed attackers to remotely execute code.
The statement goes on to reveal that the company is accelerating its move towards stronger password encryption. This is in spite of the fact that all passwords that may have been affected by the breach were stored salted and encrypted.
While it works to institute those changes, the company intends to implement a password reset:
“In order to safeguard the system, we will force all users with older password encryption to change their passwords.”
cPanel users are urged to go to the cPanel Store login page and click on the “Forgot Password” link.
For tips and expert advice on how you can create a strong, unique password for each of your web accounts, please click here.
Any additional questions should be directed to cPanel’s customer support staff.