LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

ColoCloud Breach: Virtualizor Bugs Lead to Wild LowEndTalk Thread

BreachColoCrossing’s ColoCloud brand suffered a breach over the last 24 hours, resulting in emails to users (from both hacker and CC), as well as a fast and furious thread on LowEndTalk.

The story is still coming together, as ColoCrossing is working on restoring services, but here’s what we’ve been able to piece together.

The breach is only on the ColoCloud side.  ColoCrossing’s massive dedicated server business is unaffected.  If you’re a customer, this means that if you’re logging in to the ‘portal’ side of the business, your systems are fine.  The breach is only on the ‘cloud’ side.  The WHMCS system is also unaffected.

This was caused by a Virtualizor bug.  While the dedicated server side runs on a proprietary management system, Vitualizor is used to administer the ColoCloud side of the business.  It’s likely that other providers are vulnerable as well.  As RackNerd’s Dustin Cisneros noted:

RackNerd is not affected by this breach, it’s worth noting that there have been several Virtualizor vulnerabilities floating around as of late (even affecting other providers here, some who haven’t even made statements) – one more recent one being Virtualizor’s support/live chat system being compromised.

This was an extortion play, and if you read the LowEndTalk thread you’ll see several posts by the hackers themselves, from accounts since banned by the mods.  The hackers claimed this was some kind of altruistic play to expose child pornography, but the reality is that they were asking for money.  (As a side note, in any large hosting environment, you’ll inevitably find some bad users.  Any CSM on a client system is the fault of the subscriber, not CC, and would be a violation of CC’s terms of service).

The hacker has emailed users, though inconsistently.  Not every ColoCloud user got the email.

ColoCloud has also emailed users:

ColoCloud Breach Email

Fun fact: two years ago, during Memorial Day Weekend 2023, downtown Buffalo suffered its first power outage since WWII. The CC datacenter there ran on generator power for 30 hours but didn’t suffer any downtime.

One of the ColoCrossing admins has posted a message in the thread:

The ColoCloud team is working hard on this issue. Sincere apologies for those who are impacted. For the ColoCloud team it has been non stop work on this issue since yesterday.

Significant steps are being taken to disconnect the platform from the internet to allow time for us to work on this issue. If your virtual server is down currently it is likely because of this action.

Thank you for the patience and understanding on this. We are doing our best.
On a personal note today is my son’s one year birthday party. I am on my computer doing whatever I can to support the team. It is all hands on deck.

Be sure to keep hitting F5 on that thread as this story develops.

2 Comments

  1. rob:

    Apparently they are still having issues. Core router to my VPS disappeared a bit after 10 am today. ColoCrossing.Com is also down but I can get into WHMCS.

    May 25, 2025 @ 1:53 pm | Reply
  2. Jae:

    Their email to customers says “this did not impact the ColoCloud billing system (WHMCS) or expose any personal or payment information” yet I am now receiving spam to an email address only used with ColoCrossing. So either they miraculously don’t consider an email address “personal information” or they lied. Yes, it led to a wild LET thread, but it has not led to any other consequences for such deception.

    June 1, 2025 @ 5:24 am | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published. Required fields are marked *