ColoCrossing Data Breach Exposes 7,000 Customer Credentials via Vulnerability in Single Sign-On System
ColoCrossing reports data breach affecting 7,000 users via SSO vulnerability, exposing hashed passwords and prompting urgent security updates.

In May 2025, ColoCrossing, a well-known data center and hosting provider based in the United States, announced a significant data breach impacting users of its ColoCloud virtual server platform. According to company officials, the breach was traced back to a vulnerability in their single sign-on system—a critical part of the infrastructure that enables seamless logins across various services.
The incident was swiftly contained, with ColoCrossing emphasizing that the compromise was restricted solely to its cloud and VPS (Virtual Private Server) platform. The intrusion resulted in the exposure of the email addresses, names, and password hashes (computed with the MD5-Crypt algorithm) of approximately 7,000 customers. While MD5-Crypt is designed to enhance security by converting passwords into difficult-to-reverse strings, it is a hashing scheme rather than encryption, and it is generally considered less robust than more modern password-hashing algorithms, raising concerns about the potential risk to affected users.
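For operators who want to know whether their own credential store still holds MD5-Crypt hashes, the following added example (not ColoCrossing's code, and not part of the original report) classifies stored hashes by their modular-crypt prefix and flags accounts that need a rehash or forced reset. The sample records are constructed, and the minimum work-factor thresholds are assumed policy values, not figures from the page.

```python
import re

# Assumed policy thresholds (not from the article); tune to your own standard.
MIN_SHA_ROUNDS = 100_000
MIN_BCRYPT_COST = 10

# Constructed sample records (user, stored hash); not data from the incident.
SAMPLE = [
    ("alice", "$1$saltsalt$" + "a" * 22),                      # MD5-Crypt
    ("bob", "$6$rounds=656000$saltsaltsaltsalt$" + "x" * 86),  # sha512crypt
    ("carol", "$2b$12$" + "y" * 53),                           # bcrypt, cost 12
    ("dave", "$5$saltsalt$" + "z" * 43),                       # sha256crypt, default rounds
    ("erin", "0" * 32),                                        # bare hex digest, no scheme tag
]

def classify(stored):
    """Return (scheme, work_factor, needs_upgrade) for a stored password hash."""
    parts = stored.split("$")
    if len(parts) < 4 or parts[0] != "":
        return ("unknown", None, True)       # not modular-crypt format
    ident = parts[1]
    if ident == "1":
        return ("md5crypt", 1000, True)      # fixed 1000 iterations, not tunable
    if ident in ("5", "6"):
        name = "sha256crypt" if ident == "5" else "sha512crypt"
        m = re.fullmatch(r"rounds=(\d+)", parts[2])
        rounds = int(m.group(1)) if m else 5000   # 5000 is the scheme default
        return (name, rounds, rounds < MIN_SHA_ROUNDS)
    if ident in ("2a", "2b", "2y") and parts[2].isdigit():
        cost = int(parts[2])                 # bcrypt work is 2**cost
        return ("bcrypt", cost, cost < MIN_BCRYPT_COST)
    if ident.startswith("argon2"):
        return (ident, None, False)          # parameters not inspected here
    return ("unknown", None, True)

def audit(records):
    """Return the users whose stored hash should be upgraded or reset."""
    return [user for user, stored in records if classify(stored)[2]]

if __name__ == "__main__":
    for user, stored in SAMPLE:
        scheme, factor, weak = classify(stored)
        print(f"{user:6} {scheme:12} work={factor} upgrade={weak}")
```

Flagged accounts can be rehashed transparently at the next successful login, or forced through a password reset if the hashes may already have been exposed.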
ColoCrossing, which operates data centers in several U.S. cities and supports a global clientele with web hosting, dedicated servers, and cloud solutions, has taken immediate steps to address the breach. The company invalidated vulnerable credentials and urged impacted customers to update their passwords across all platforms where similar login details may have been used. Additionally, they are working with cybersecurity experts to audit their systems and reinforce their authentication processes to prevent future occurrences.
Security professionals caution that breaches involving customer data—even those limited to hashed passwords—can be exploited if users have reused passwords across different sites. The company has also committed to notifying all affected individuals and providing guidance on monitoring for any unauthorized account activity.
This event underscores the ongoing challenges facing cloud service providers in safeguarding sensitive customer information in an increasingly complex digital landscape. As the investigation continues, ColoCrossing has reiterated its commitment to transparency and to maintaining the trust of its customer base through enhanced security measures and open communication.
To check whether your address was exposed, search for your email on HaveIBeenPwned.