In a recent Reddit Post, a Bobcares employee has come out criticizing the competency of his employer as well as publishing what appears to be their client list. The publication of confidential information will not go down well with either Bobcares or their customers.
The Reddit post containing the negative comments and client data made by Reddit user, “NaughtyBaig” has since been deleted along with the account used to make the post. Unfortunately, the archived version of the post on archive.org has also been removed (it looks like they were having issues). In the meantime, while we contact archive.org for the full version, or to ascertain why it was deleted, you can see the discussion surrounding the deleted comment (we have quoted most of the original post later in this article) below:
It is useful to say a little about Bobcares, and some of the choices that face smaller web hosting companies as they scale up their services while endeavoring to keep support response times low.
Bobcares is a server management company that offers a variety of services, from infrastructure management, design, and development, and the topic of this article; Managed Technical Support.
Web Hosting Providers will fully integrate the Bobcares support team into their support desk, live chat and even phone systems, allowing them to undertake technical and pre-sales queries on behalf of the web hosting company. We understand that ticket support is maintained from their staff in India, with more basic Live chat and phone support being undertaken by English Speaking Americans.
Bobcares offers two methods of paying for the support; on a per ticket basis, or for a larger monthly fee on an unlimited basis. Considering a server can hold anywhere between 200 to 1000 (or more depending on specifications of the server) users, the service is not necessarily cheap.
The diagram below indicates the pricing involved:
Telephone and live chat support come at additional cost:
As you can see, a simple server of say, 500 users, could easily run into the region of $500 — $800 per month.
Looking at the client list, many of the companies are relatively small. Having a scalable support infrastructure when money is relatively tight is a very sensible business decision. Bobcares is designed to grow alongside its customers’ growth. The alternative is to hire multiple support staff to ensure 24/7 coverage. This would be too expensive for many small hosting companies.
Of course, outsourcing of support will have its trade-offs. The support staff most likely deal with a multitude of different hosting providers simultaneously, so you won’t get that same personal touch than larger companies that do everything in-house. Equally, a small hosting provider can provide a more personal service when the owner deals with all the support issues in-house, or more often than not by the owner themselves. Depending on how keen the owner is at getting up at all hours of the night, the support response times may be slower.
Therefore, in principle, we think that Bobcares is an excellent idea for micro and small web hosting providers. We cannot speak as to their performance, and how good they are, but as a company, they are recommended by some of the large software providers such as cPanel (moderated listing) and LiteSpeed (Support Partner).
For medium to large web hosting businesses, it is more usual to deal with support in-house which would enable them to give a more personal and overseeing approach to ensure high standards are met. That being said, companies such as CloudLinux successfully built outsourced support teams with companies such as Remsys.
But this is just our general opinion. We are sure there will be many polarized views against and for the use of outsourced support, which is outside the scope of this article.
Employee Data Criticisms
We shall firstly deal with the complaints made by a “current” employee of Bobcares about the alleged poor service offered by Bobcares. The employee is “ranting” (at least this is the impression the post as a whole gives off) about the company being mostly run and controlled in India (again, the mention of outsourced support in India can be subject to some strong views).
They then proceed to set out why they are bad, which you can see below, in their own words:
- Phone support, manned by us Americans, is restricted to what it can do in terms of any type of support, we literally just anwser (sic) the phone, and make a ticket. Literally exactly what the Customer can do their selves and save time. We literally cannot do anything else.
- Chat, Ticket, Billing, and server support are all ran by the Indian side of the company. When it comes down to it, these guys to way more harm then good. For example, one of the “Server Techs” decided glibc needed to be removed form (sic) a Centos 6 server that ran a web server……………….Need I explain more about their incompetence?
- The company takes on ALL clients, I literally mean all, from Mobile phone support to Data center support. Yet no one is trained on any thing, most have zero experience, and learn on the job (One of the guys here has never touched a computer running anything newer then XP).
- If you have ever hired these guys, I bet your wallet felt a bit heavier when you finally left them. That would be because for the amount of support, or lack there of, you pay a surprisingly high amount, specially (sic) for extremely s— support.
This section of the post then proceeds to state:
When it comes down to it, what I am saying is, as a current employee of BBBobcares (sic)DO NOT HIRE THESE PEOPLE FOR YOUR COMPANY.
As you can see, he calls out the Indian support as incompetent and “overpriced”, and advises potential customers not to use them. For many companies, a rant by a former employee is sometimes expected, but it starts to get a little more serious when that same “current” employee proceeds to make client lists public.
The Data Breach
Unfortunately for Bobcares, the disgruntled employee didn’t just stop at criticizing their level of competency, but also leaked a list of web hosting companies using the service. This has the potential to get both Bobcares in trouble for client confidentiality, but also the employee for a breach of Arizona Trade Secret Law.
Upon request from Bobcares we will be removing \ not releasing the exact names of the companies involved. The point of the story is not the company names released, but the principle behind it.
Furthermore, the leaking of customer data by an employee is incredibly unprofessional, and we did wonder about their motives. Before the employee deleted his Reddit account, a capture of some past posts was made showing that he was promoting another web hosting company.
We can’t say for sure what links the user has with this other company, but it is not unknown for Reddit users pretend to be a third party to promote their own services. It is possible that “thecore.host” is run by the person who leaked all this data. Unfortunately, domain privacy is used on the domain, and there are no contact details on the website.
You can see a copy of the promotional Reddit Post below:
What Affect Will This Have on the Listed Companies?
If we were using Bobcares to run a hosting company, we would be extremely concerned that a data breach like this took place. If an employee could release this data, what other data might they release? Individual web hosting companies own client lists? If they are promoting third party companies, this would be a great source of data to create email or other campaigns to build their own (or friends) business up. This could be far-reaching, especially for a small web hosting company that may not have lots of cash flow.
Also, there may be some competitors who may like to point out the use of Bobcares for these companies and claim their support is better because it is all “in-house,” making it harder to attract new business, especially on public forums such as Webhostingtalk.
Whether Bobcares is better or worse than in-house support probably won’t be noticed by many. There is good and bad in-house support, so it is a matter of doing your homework before signing up to anyone. Bobcares (or at least the type of service they provide) is in our opinion is a positive thing for micro or small web hosting providers. If however, they cannot keep their customer data secure then their future does not look positive financially.
We will be reaching out to Bobcares, some of the leaked companies, as well as “thecore.host” for comment.
Update 1: The owner of thecore.host has banned our IP. The only way we believe this could be done is by identifying users referred from the original Reddit articles. This would indicate they are trying to hide their link to the person making the original Reddit post. We have reached out to them generally so that they may shed some light on this.
Update 2: Bobcares has identified the person responsible for the breach, and is in the process of initiating legal action against them. Furthermore, the employee in question only had access to a small number of customer names, but despite this Bobcares are currently undertaking an internal audit. In a statement to us, Lijoe Chakiath at Bobcares commented:
“Bobcares has been providing hosting support services since 1999. Over the years we have served a lot of hosting companies, small web hosts and large ones too. All through this time, our only service has been to help their growth. With ISO 9001 & 27001 certifications we have implemented strong measures to protect our customer information. Information is segregated and is accessible to the employees too only on a need to know basis. Hence the employee in concern had access to partial list of “names” of customers which he has outed. Even though they are just names of companies we have supported and nothing critical was let out, we take our security seriously. We are in the process of internal scrutiny.
“Within hours of this being posted, we have gotten it removed from the websites in concern. It was at this point that you posted this. We are thankful for you to having removed this.
“The said employee came with an excellent recommendation from his previous company and had been with us only for about a month. His services have been terminated and our lawyers are initiating legal action at present for the violation. “
Bobcares appears to have dealt with the matter very professionally and to be taking steps to ensure this will not happen again. It is tough to lay blame on Bobcares when a rogue employee is not something that can be predicted. Let’s just hope they identify improvements they can make to their recruitment policies to avoid similar occurrences. We will await further updates.