On November 3rd, 2024, some customers of Oddblox Hosting (435 of you, at most) received an email from a third-party vigilante notifying them of a data breach at Oddblox Hosting. After discovering this, the first thing we did was reach out to the group sending the emails and ask them to stop.
After a thorough investigation over the last two days, we have confirmed that on August 9th, 2024, one of our team members realized that their Discord account had been compromised. One of the private messages in their Discord account contained a username and password for the team member’s administrator account on WHMCS (the platform handling our support tickets, server provisioning and billing). We searched login history on our WHMCS administrator area and discovered a single unauthorized successful login on July 22nd, 2024. This unfortunately allowed someone, identified as Matt James, to access and download a limited amount of customer data from our company.
We have determined that the following information had been downloaded:
Full Names
Email Addresses
Phone Numbers
Physical Addresses
Signup Dates
Last Login Times
Last IP Address
We have verified that the leak exists as a JSON-format file containing 2,154 unique customer entries, each with the data types listed above. This covers all of our customers from February 27, 2021, to July 22, 2024. Any customers who signed up after this time range were not included in the leak.
Please note that no credit card or payment information was ever compromised, as this information is stored securely at our payment processor, PayPal, and is processed externally from our WHMCS instance. Consequently, we do not anticipate unauthorized transactions. Your passwords, financial info, and any other sensitive data not listed above were not involved in this incident.
As far as we know, the database "got passed around" in the group called SRYDEN. We have reached out and asked them to delete it. They said that they have complied with our request. Other individuals involved may still have copies, and we cannot do much about this.
SRYDEN has since released a public statement and partial retraction of their statements, which you can read here: https://sryden.com/blog/7
We’ve taken immediate steps to reduce impact and prevent this from happening again:
Deleted sessions and reset credentials for our entire team.
Rotated the API keys used for deployment of game servers and web hosting.
Reviewed and upgraded our security protocols.
Added even stronger security measures across the board.
Implemented mandatory Two-Factor Authentication for all our team members.
Remove all Billing Address and Phone Number fields. These were always optional, but we’ll soon edit our template so these are no longer included on the order and signup forms. Our customers should be anonymous and our services do not currently rely on this information except for extremely rare instances where verification or further contact may have been done.
Delete all customers from the database who have unpaid/canceled services and haven’t logged in for longer than 6 months.
Stricter vetting and supervision of all of our team members to make sure that they follow Cybersecurity Best Practices.
We recommend you be careful with any unexpected emails. Don’t click on random links, and definitely reach out to us if you get anything suspicious or have any concerns.
Protect your online identity by only providing your real personal information to sites that require KYC (Know Your Customer). These typically should only be regulated financial institutions. Make sure you read their terms and are certain that they have a strong commitment to Cybersecurity Best Practices.
We’re super sorry for the stress this may have caused. This was the worst thing that’s happened in Oddblox history (and we’ve had a pretty good run so far). Keeping your trust and protecting your data is something we take seriously, and we’ll keep working to make sure we’re doing right by you.
Thank you for sticking with us through this. We’ve got your back!