Any old friend of mine whose online business I maintain got this email this-morning after I tried to update something on his site:
Dear Customer,
We wrote to you on 18th October 2007 advising that you change all of the passwords on your Fasthosts accounts (including control panel, FTP, database and email), in order to prevent any unauthorised account access following the network intrusion we previously communicated.
Whilst we have found the vulnerability that caused this issue, and have instigated a system wide security audit to improve and enhance our current security, we also advised you to change your control panel, FTP and email passwords as a precaution.
Today we have been made aware that a small number of our customers who did not change their passwords have experienced a compromise to their FTP space.
As a result, in order to totally protect all of our customers, we have today implemented an automatic password change for every control panel, FTP or SQL password that was not previously reset.
In 10 days time we will also reset all unchanged email passwords.
To ensure complete security when communicating your new passwords to you, we will first take the stringent measure of sending the new control panel password via Royal Mail. Once you have received your new control panel password, you will then be able to go into your control panel and immediately change your FTP, SQL and email passwords. Please note that the email password reminder system will not work from the time you receive this mail, to the time you log in with your new control panel password.
If you have already changed your control panel password, you will still need to go into your control panel and change ALL the FTP, SQL and email passwords associated with your accounts that haven’t already been changed.
UNDER NO CIRCUMSTANCES WHATSOEVER SHOULD YOU TRY TO REUSE ANY OF YOUR OLD PASSWORDS
We apologise for the inconvenience that this will cause you during this period, but trust you understand that our primary concern is for our customers and for the security of their websites and data. Unfortunately, an automatic password change is the only way of ensuring that all of our customers are totally secure.
If you have any questions relating to this, please contact our Customer Support team on 0870 888 3600 or customersupport@fasthosts.co.uk, and they will be more than happy to help you. Thank you once again for your understanding and cooperation in this matter. Yours sincerely,
The Fasthosts Team
This has to be the most shocking decision I have ever seen taken by a hosting company! The change to all passwords means most websites hosted with them will brake (Database errors) and with no email how can you expect a business to run, as you can't even communicate with your customers!
The fact that they are sending the new emails out by post ON A FRIDAY means sites will be down over one of the busiest shopping weekends of the year!
Not surprisingly there is nothing about this on FastHost's website, but I have to say, I will be avoiding them like the plague, and suggest the same to anyone else who asks me!
I should have suggested changing when my mate told me they would charge about £50 to install a MySQL database and then charge monthly.... sigh!
I haven't seen anything this bad since my old host 38H went bust, and took their DNS with them.