Cyber Incident Victim: Loopia
Date: Aug 2017
Location: Sweden
Summary
A major Swedish web hosting provider experienced a significant data breach where attackers accessed portions of the customer database, compromising personal information, contact details, and encrypted passwords. The company promptly secured systems and notified customers shortly after discovery, confirming that financial data remained unaffected as it was not stored, and hosted services like email and websites were not compromised. In response, all customer account credentials were reset, and an internal investigation was initiated to identify vulnerabilities while implementing additional security measures to prevent future incidents.
Description
On August 22, 2017, Swedish web hosting provider Loopia experienced a significant security breach involving unauthorized access to portions of its customer database. The attackers compromised personal and contact information along with encrypted (hashed) passwords for Loopia's Customer Zone (Kundzon). The company detected the intrusion promptly but delayed public notification until August 25 to prioritize system remediation and customer protection. Loopia confirmed that critical customer services—including hosted websites, email accounts, databases, and email passwords—remained unaffected. Payment card information was not exposed, as Loopia did not store such data in its environment. The breach exclusively targeted the customer database containing account credentials and identifiable user details, with no evidence of lateral movement into other operational systems.

Loopia initiated immediate containment measures, including forced password resets and replacement of all customer account numbers. The company communicated directly with affected users via email, urging updates to personal information while emphasizing the encrypted nature of stolen passwords, though it withheld specifics about the hashing algorithm. CEO Jimmie Eriksson publicly acknowledged the breach on August 30, citing the necessity of securing systems before disclosure and confirming an ongoing internal investigation to identify the attack vector. Loopia implemented additional security enhancements during this period but admitted uncertainty regarding the attackers' methods. Eriksson stated that while no infrastructure is completely invulnerable, the company would rigorously evaluate its response and strengthen defenses based on investigation findings. The incident did not disrupt customer-facing services, and no financial fraud or secondary compromises were linked to the breach at the time of reporting.
