January 23, 2016
I am writing to let you know that one of our user databases may have been breached. Although we successfully interrupted the breach, it is still possible that user contact information may have been susceptible.
The customer contact information that may have been susceptible is limited to names, contact information, and encrypted (and salted) passwords. Please note that our credit card information is stored in a separate system designed for credit card storage and is not impacted by this possible breach.
Although current passwords are stored salted and encrypted, we are accelerating our move to stronger password encryption at the same time in order to minimize disruption. In order to safeguard the system, we will force all users with older password encryption to change their passwords.
It is important to highlight that this incident was not related to cPanel products or the Targeted Security Release published on January 18th.
We apologize for any inconvenience this may cause.
Please go to the cPanel Store login page and click the forgot password link.
Please don’t hesitate to contact cPanel Customer Service if you need help resetting your password.
You may read the PGP Signed version of this document here: https://news.cpanel.com/wp-content/uploads/2016/01/direct_customer_communication-1.txt
via @campuscodi and The Register.