The 911 proxy service (911.re) stops after confirming a security breach

At the time of writing, the homepage of the 911 proxy service (911.re) displayed a detailed message left by the website administrator revealing the details of the security breach.

911 proxy service (911.re), considered one of the few original residential proxy networks, announced the closure of its operations after suffering a data breach. The service that has sold access to countless Microsoft Windows computers since 2015 confirmed in a post on its homepage that the cyber attack destroys critical elements of its business operations.

Incident details

Earlier in July 2022, Brian Krebs of KrebsOnSecurity had critical connections the 911.re proxy service had with dubious pay-per-install affiliate programs, which bundled its software with pirated software and freeware utilities.

Krebs noted that 911.re operated multiple pay-per-install programs and paid affiliates to bundle its software with other programs to generate a steady stream of proxies.

Shortly after Krebs’ report, 911.re notified users of its network review and the implementation of new security measures to “prevent misuse” of its services, as well as the closing new user registrations and proxy balance recharge.

“We review each existing user, to ensure their use is legitimate and in accordance with our Terms of Service,” the notice reads.

Many users have complained that they cannot use the service after the company’s public notice. On July 28, the site announced a permanent cessation of its services.

“We regret to inform you that we have permanently closed 911.re and all its services on July 28.”

The 911.re proxy service homepage at the time of writing (Image: Hackread.com)

Has 911.re been hacked?

As seen in the screenshot above, 911.re claims its service was hacked in July 2022 after someone manipulated the balances of numerous user accounts by abusing an API (programming interface d’application) which managed account top-ups.

The company investigated and discovered that the hacker had “maliciously damaged” its server data. The hackers managed to overwrite its servers, data and backups. As the company did not know how it had compromised this system, it decided to stop the charging system and the registration of new users “as a matter of urgency”.

How do residential proxy services work?

Users rent a residential IP address and use it as a relay for Internet communications while securing their identity. But they are usually unaware that this would turn their device into a proxy allowing other users to use their internet address.

These proxy services build their networks by offering free proxy services or free VPNs powered by software that turns their computers into traffic relays.

  1. ProxyBack Malware converts your PC into a proxy
  2. Tor Proxy Used by Cyber ​​Criminals to Initiate Bitcoin Theft
  3. What are dark web search engines and how do I find them?
  4. Mirai Variant ‘OMG’ turns IoT devices into proxy servers for cryptomining