Seems ColoCrossing got hacked and Cloud VPS services faced a data breach
Many users with a ColoCrossing account have received an email stating that the ColoCrossing backend (Virtualizor) has been hacked, as posted on LowEndTalk. It seems the hacker exploited their backend system and gained access to customers’ data, including their email addresses and VPS information. One forum user has advised changing the VPS username and password, as well as the password for the ColoCrossing account.
Seems the colocrossing.com site got hacked. ColoCrossing is down for me, and I can’t log in to my VPS panel. They’re using Virtualizor, which seems to be hacked. It’s a data breach at ColoCrossing.
ColoCrossing had a data breach of their Virtualizor panel, and a database of their VPS customers, including email addresses, names, etc., was leaked by the hacker. There seems to have been no actual hacking of any client’s VPS machine. Their login at cloud.colocrossing.com was down for me.
This seems to be a typical ransomware campaign. They use peer pressure and customer pressure to get the ransomed company to pay up. It is likely to be an actual breach, and ColoCrossing isn’t responding, so they start applying pressure by reaching out to its employees and customers. A few of ColoCrossing’s users posted on Reddit and LowEndTalk about this.
About “colocrossing data breach” in 2025. On 24 May 2025 at 3:06pm UTC, ColoCrossing Cloud customers with an active VM received an email detailing an external breach in the ColoCrossing infrastructure with a ransom request.
The breach targeted the Virtualizor control panel of the ColoCrossing Cloud VPS and VDS product lines, exposing end users’ Full Name, Email Address and the Root Password to VPS and VDS products for these customers.
A forum member on nodeseek.com posted that they had also contacted the attacker and received screenshots of the ColoCrossing Virtualizor Control Panel, further indicating the breach was legitimate.
On 25 May 2025 at 1:45am UTC, ColoCrossing sent a ‘Security Notice’ to all end users via the [email protected] address claiming “the attacker was able to access limited system metadata, email addresses and used our mail server API to send an unauthorized message to ColoCloud customers.” and “stemmed from a vulnerability in a Single Sign-On (SSO) feature.”
Many LowEndTalk users have confirmed viewing the database, including VM passwords in plain text. Additional claims that these plain text credentials are being used to install cryptominers and other malicious software on end user VMs are starting to be raised.
The official statement from Virtualizor was that this is not a Virtualizor software problem but a human error. ColoCrossing Cloud VPS are affected by this data breach. ColoCrossing dedicated servers and other services are intact.