Cyber Incident Victim: Easily
Date: Dec 2015
Location: United Kingdom
Summary
A UK-based web hosting provider experienced a data breach; the exact number of affected users remains unspecified. The incident involved unauthorized access to customer data, but the article does not detail the specific types of information compromised or confirm the breach mechanism. Related context mentions DKnife, a Chinese-origin malware framework targeting domestic users, but no direct link to this breach is established. Other vulnerabilities discussed in the article (GitHub Codespaces flaws enabling remote code execution, DockerDash metadata exploits, and SQL injection risks in WordPress plugins) are presented as separate threats without any explicit connection to the hosting provider's incident.
Description
In December 2015, UK-based web hosting provider Easily.co.uk disclosed a targeted cyberattack that compromised customer domain name registrations. According to a customer letter from COO Edwina McDowall, unidentified threat actors deployed malware on the company’s systems, enabling unauthorized access to lists of customer domain names. The malware was subsequently isolated and removed by Easily’s security team. McDowall asserted in the letter that no account credentials, passwords, or personal information belonging to the specific recipients were exfiltrated, though the notice did not confirm whether this applied universally to all affected customers. The company delayed issuing a public statement about the breach, creating ambiguity during its response. As a precaution, Easily initiated password resets for customer accounts, but this action inadvertently raised phishing concerns among users because no corroborating information was published on its official website. Multiple customers publicly questioned the legitimacy of the reset notifications via social media, with one Twitter user (@KensalLife) describing the communication as appearing “phishy” and another (@mspann) noting suspicious support emails containing grammatical errors inconsistent with Easily’s advertised “100% UK based support” team.

The confirmed impact involved exposure of domain registration records, though the exact number of affected customers remained unspecified. Easily, which claimed over 100,000 clients across 150 countries, faced reputational challenges as customers highlighted discrepancies between its “first-class customer support” branding and the breach response. Cybersecurity strategist Orlando Scott-Cowley of Mimecast contextualized the incident within a broader trend of attacks targeting critical internet infrastructure organizations, citing the earlier compromise of ICANN as precedent. He emphasized that domain registration system breaches posed systemic risks beyond conventional data theft, potentially undermining foundational internet operations. The incident revealed operational vulnerabilities in Easily’s crisis communications, as customers reported difficulty verifying official breach notifications while encountering support channel irregularities. No evidence suggested financial data compromise, and the company did not disclose technical details regarding malware persistence or initial attack vectors.
