Update: 26th of December 2020 – 01:25 CET
Dear Altilly users,
Earlier this week, on the 23rd, we noticed suspicious activities on our Altilly servers.
There were 3 servers that suspiciously rebooted around the same time. After checking the servers, we noticed unusual activity and a new system user had been created on our servers. It appears that these systems were hacked above OS level using rescue mode during the reboot. Since we were unsure exactly what happened, we decided to start working on moving things over to a new hosting provider.
Late night on the 25th or early morning on the 26th, we were again alerted to another system reboot. While we were checking into that, we lost access to our servers at our current hosting provider. This includes the production webservers, the databases, and wallets. It appears that a request came in via the hosting client portal to delete all servers on the account.
We are unsure of what the outcome will be until the hosting company has done their audit and checks to see if data is recoverable. We will post additional information here when we have more info.
Update: 26th of December 2020 – 10:41 CET
It appears that our offsite storage account was also compromised using the API keys from the backup program on the affected servers. All backup files at that location were removed. It should be assumed that the hacker(s) have access to these backups, as there was download activity from that account prior to deletion.