On May 13, 11:13am EST, witherpanel had gone down. We immediately proceeded to look at what was going on. Unfortunately, we have seen that a malicious user has obtained access to our panel database and managed to drop the databse, thus resulting in problems.
In the background, we were in the middle of migration of our backups systems to more efficient methods, and unfortunately did not consider taking panel backups as frequently as we hoped. As a result, our latest backup was dated 30th March 2022. This meant that 6 weeks worth of panel data only in witherpanel was lost.
Additionally, the attacker has leaked data including user emails and hashed passwords ( Please note it is near impossible to obtain the actual password because it is hashed. However, weak passwords are vulnerable ). Any sources that have been traced of the leak have been taken down before it has reached the public in under 30 minutes of posting it. We are almost certain that the leaked data has not reached malicious users within that timeframe, but unfortunately, we cannot guarantee that. As of now, the leaked data is not available to the public.
If you do find anything, please disclose it to a member of management immediately in direct messages.

For your safety, please reset your password as soon as you login to the panel.
Any clients that have purchased a service for the first time in the last 6 weeks will need to forcibly reset their password, their old one will NOT work.

What's lost? Are my server files safe?

All server files and servers are intact. Any server data, databases, etc. are still present and available on our nodes. We have purely lost panel data. This however unfortunately consists of backups, databases, & iptables rules. These are not actually removed, they are only not present on the panel database. All of that data is still intact, and we can relink said data to your server. Just open a live chat and we will check it out for you. It is also possible your server IP might have not mapped properly. We can change it back to the older one you had, just ask.

Databases, iptables rules, backups & subdomains only made in the last 6 weeks are unlinked. Older ones are still available. To relink, please open a live chat and we will locate them for you

Unfortunately, things that have been lost and may not be recoverable are schedules, audit logs, custom startup commands & non-primary allocations. We are truly sorry for that, and we hope this has not affected you.

Schedules, audit logs, custom startup, & non-primary allocations only made in the last 6 weeks are not available. Older ones are still available.

If you still find anything missing, please contact us and we will help you put the pieces back together. ( This may include disk amount, multiserver resources and so on )

Ok I understand, but my service was down for a long time. Any compensation?

Yes there is compensation for this. Users can open a live chat to request for 1 week of your service worth of downtime. We will apply it to the most expensive service you have, if you have multiple. We cannot do this automatically, so please open a live chat to claim compensation

Why did it take so long?

We had to go through many data sources in order to figure out whose accounts belong to what. We cross-referenced billing orders, clients, server IPs, and so on in order to match the missing servers and data. Each management member has been working 10+ hours a day in the last 72 hours in order to bring witherpanel back online. We are extremely sorry that this has happpened, but we have worked day in and day out in order to get the services back online.

Will this happen again? Leaks, downtime... servers being offline?

We have been hyper focussed on ensuring this will never happen again. Over the course of next month, we will be performing security audits, implementing a full fledged 3 tier backup system, tightening down on security, finding long term solutions to stop panel downtime. We will ensure no breaches, and as little downtime as possible, happens in the future. Major changes will be announced soon in order to further the growth of this company


10:58 am EST 23/05/22, we have noticed leaked data, we are working on getting it removed as quickly as possible.
12:28 pm EST 25/05/22, we have gotten rid of the thread by contacting the responsible forum owners.
6:39 am EST 30/05/22, we have noticed a reddit post with leaked data. The post was in a place where only staff visit every once in a while.
7:02 am EST 30/05/22, we have removed the reddit post.
2:00 am EST 17/06/22, we believe all information is now contained and removed. This post will be archived 30th june 2022 for safety reasons.
WitherHosting - Truly Fast, Truly Cheap, Truly Limitless
Was this article helpful?
Thank you!