OneProvider Data Breach - 2016 Customer Info + Hashed pw's Leaked

Per their email -

Dear customer,

We have discovered on February 18th an unauthorized access to a frontend entity of our infrastructure. Following investigation, it was determined that a limited amount of customer data was briefly consulted. While the unauthorized access was rapidly contained, the affected customers were immediately informed of the details in a separate message.

On February 21th, we have found that the incident was unfortunately more important than we originally believed. It is highly likely that a deprecated database backup, dating from December 2016, was partially retrieved.

The retrieved portions of the database contained: Customer Information, including hashed login passwords (to OnePanel).

The database does not contain payment information.

Because we take this situation very seriously, we have taken every appropriate measure to further secure our infrastructure and increase our security.

While your services are unlikely to have been compromised, we would like to remind you to make a habit of always changing the root passwords of your newly delivered servers.

As an additional measure of security, we have implemented an automatic password update feature that will prompt you to update your password every 6 months. You will see this feature upon your next login. We have also reset accesses for all inactive accounts. We also remind you that you can monitor the activity of your account at any time in the ‘Account’ section in both the “Activity Log” menu and the “Sessions” tab in the Account page.

We deeply apologize for what we realize is a grave situation, and for any inconvenience caused. Your account managers and our support team remain available for any questions you may have, or to assist you in examining as well as securing your infrastructure. We are taking the necessary steps with the concerned authorities.


1 Like

The end is nigh.

1 Like

I got it too :wink:

I hope I was using a password manager back then. Can’t remember when I started using them.

Might not be a major issue even if you didn’t use password manager back them, as long as changed all your password since then leak you should be fine.


I got the same email to, forget I actually had a account there.

Can you ask them for clarification on that? I believe they are obligated to list what customer information was leaked by GDPR. I’ve read quite a lot of those recently and every single one of they contained that information. Maybe because you are outside of the EU OneProvider thinks they can get over with it? If they fail to provide you with that information you should contact French data protection authority.

Edit: Ehh, nevermind on the last part. The adequate French data protection authority is CNIL, but they don’t accept emails or any forms of “e-latters” (it’s 2019, wtf?). Is anyone here French? :sweat_smile:

Why would the Frerch data protection authority care Oneprovider are Canadian.

Oh well… I thought they are French, just like My bad then.

Cheers for unique passwords!


Hopefully they are properly salted


Umm… Wouldn’t expect that.


Another day, another breach.


And that’s why you use a password manager… (and long randomly generated passwords)