Security at OVH has been upgraded immediately, including new passwords for all staff, new VPN access, email access restrictions (employees can only access email from within the office or via VPN), and three levels of verification for staffers that have higher access, including the use of IP source data, passwords, and YubiKeys.
Earlier this year, OVH was forced to deal with a separate security incident, as at least two customers had their websites compromised after attackers targeted a vulnerability in OVH's password recovery system. At the time, the randomly generated passwords were guessable due to a randomization flaw in the recovery script. The attack led to strengthened password policies and a new password reset script.
Sign up for Computerworld eNewsletters.