Nicole,
To clarify, I had no confusion during the attack. I had clarity of purpose and simultaneously managed up to 5 recovery attempts and maintained this without error from 9am until 5.55pm with almost no break. And in all but one case the recovery attempts went smoothly. The confusion was entirely on Blue Host’s end.

I agree completely with your need to verify my identity. In fact I encourage that. That was never my complaint. Since you reviewed the chats you know that none of your agents told me that by simply calling on my registered number (the cellphone in my pocket) I could avoid all of the drama. And even though hacking was actively going on (**), no one offered the option of simply freezing all access until identify was verified. I would have been glad to call you if I had understood that had any additional security value, something I only learned hours later. Understand that I was simultaneously trying to fix multiple hacked financial sites, get ahead of the active hacking by proactively changing access info on yet-to-be hacked accounts with the most exposed assets, and get Blue Host to stop the hacker from having access to all of the password recovery emails. Calling each and every account would have made multi-tasking impossible for in every case I first attempted recovery on-line (and in almost all cases that wsa all that was needed). As an interesting comparison: As soon as I used the “hacked” word, Paypal, ebay and CitiCard locked down my accounts without further discussion, giving me the time I needed to prove identify and then secure those assets.

You did verify that the emails arrived but hours later and you blame me or my location on that delay; I sent and received many emails that day and none of the others, sent from the same location, were delayed. I made email contact with each of the 27 attached sites and several others, so I think it’s safe to say that there were over 100 emails exchanged Saturday morning (I have all of those, so I can definitively prove the exact number). Blue Host is the only recipient that had even a moment’s delay. Thus, it is most likely the problem was on your end. You don’t mention the fax that I sent and still have the confirmation sheet in hand; I wonder what excuse you have for that?

In the end I fixed 27 accounts, some bank accounts with 6 figure deposits with larger multi-national banks. Blue Host was the only one that was truly difficult to deal with. Even before we knew that getting timely emails wasn’t working, your chat representatives told me – and you know this to be true since you reviewed the chats – it would take several hours before a supervisor could look at my issue. SEVERAL HOURS in the middle of an identity theft crisis? In every other case the service personnel – and most of this was not done on the phone but by chat – were proactive in offering solutions and when identity verification could not be immediately done they ALL froze the accounts to prevent additional hacker access. Most froze the accounts as soon as I mentioned hacking. Blue Host was unique in not offering that option, in refusing to take any preventative measures, and in actively obstructing my recovery attempts. That active obstruction combined with negligent IT (e.g., your failed in-coming emails and fax) greatly exaggerated my damages, the amounts of which are just becoming known.

Mark Smith

(** at least 5 additional accounts were hacked using password recovery emails sent to my Blue Host account during the 5 hours it took Blue Host to lock down the account)

I couldn’t send or receive emails through my Blue Host account and was told it would be fixed within a couple of hours. Four hours later I called back and they told me they were still fixing the problem.

Then I realized that I had lost over a month of emails stored on Blue Host servers via IMAP email protocol. When I called them about this they told me they would have it fixed within 30 minutes. I decided to give them the benefit of the doubt and waited three hours. It still wasn’t fixed.

I called them again this morning and Blue Host told me they were unable to retrieve my emails.

While I accept that I need to make my own backups, how can a reputable company like Blue Host drop the ball and lose over a month’s worth of emails and have no recourse for their customers?

Furthermore, they claim to have great customer service, but they take no responsibility for their failings and I would not recommend them to anyone.

This morning we went back to the site and got odd permission errors (despite permissions being set properly) and then suddenly all the images were missing. Every image that was uploaded in 2010 (and as a photography website, this was hundreds) was completely missing. I looked at the files and realized that they were all just completely gone. We called Bluehost again to see if there was some sort of backup or something that we could use to restore the site to where it was before their hard drives screwed up yesterday. The man on the phone, Matt, was remarkably rude. While I understand that we should have had a backup in place, hindsight is definitely 20/20 on this one. We’re not a huge corporate website, we’re just a couple running a photography business. I had no idea that out of nowhere large chunks of the website would disappear due entirely to Bluehost’s issues. Yeah, you mention that this is possible in your 10 million page terms of service, but it’s not something that you expect out of a company that has otherwise presented itself as nothing but professional.

When I asked what we should do, Matt from Bluehost explained that they had one backup in place they could restore it to. When I asked the time of the backup and pointed out that the Bluehost backup was from when the site was down, he admitted that, yes, using that backup would only make things worse. So I asked him what we should do. “Upload the images again,” is not a very inspiring answer. While it may have been the only option, there should have at least been an apology or perhaps an offer for a bit of credit. He explained that when you buy a car from a car salesman, you know that it could break down at any time, and that’s the same thing that happened with their servers. I understand downtime, I just don’t accept erasing files.

Matt from Bluehost was remarkably rude. Most of the people we’ve spoken to in the past 24 hours from Bluehost have been similarly dismissive and unhelpful. At least offer an apology or a small credit. Or even some sympathy. Don’t treat us like it’s our fault that we don’t have a backup when your product fails and erases large chunks of our site. Instead of doing my other work today, I’m now stuck fixing a website that was perfectly fine 24 hours ago before Bluehost screwed up. Well, that, and writing as many reviews of Bluehost’s terrible customer service as possible to save anyone else from a similarly awful experience. Bluehost–don’t even consider it.

i use to have 3IX.COM, bad experience, SQL data bases, server down.

Jaouad, Morocco