CLOUD WEB HOSTING FIRM Linode has had to confess to a security problem that has left some of its users out of pocket to the tune of over $220,000.
Reports about problems with the service sprung up yesterday, and Linode has already confirmed that it is at fault.
It has emailed complaining users and put an explanation on its web site. "Ensuring the security of our platform is our top priority. We maintain a strong security policy and aim to communicate openly should it ever be compromised," starts a message posted earlier today. "Thus, we are posting to describe a recent incident affecting the Linode Manager."
The firm says that the problem, which has lead to theft of Bitcoins earned by its users, can be traced back to one user who accessed a web-base customer service portal to his own ends, and has now been suspended from the service.
"Suspicious events prompted an immediate investigation and the compromised credentials used by this intruder were then restricted. All activity via the web portal is logged, and an exhaustive audit has provided the following," said the firm.
"All activity by the intruder was limited to a total of eight customers, all of which had references to 'bitcoin'. The intruder proceeded to compromise those Linode Manager accounts, with the apparent goal of finding and transferring any bitcoins. Those customers affected have been notified. If you have not received a notification then your account is unaffected. Again, only eight accounts were affected."
You got that, only eight accounts are affected. Still this sort of thing can spread panic, and yes, there is concern amongst Linode's users on web sites like Twitter. Reports suggest that user losses, and remember there are only eight affected users, run into the hundreds of thousands of dollars.
Not dollars actually, but virtual currency Bitcoins. "The portal does not have access to credit card information or Linode Manager user passwords," added Linode. "Only those eight accounts were viewed or manipulated - no other accounts were viewed or accessed."
One user, Marek Palatinus, has posted to the Bitcoinmedia.com web site with his complaints. By his estimates and currency conversion rates he is out around $12,000, or 3,000 Bitcoins.
Zhou Tong, founder and lead developer at Bitcoin trading platform Bitcoinica said that his users, who do not include Palatinue, have lost around $220,000.
"We didn't have the opportunity to scan our whole system for suspicious transactions that were not initiated from our customers because we had to shut down the system immediately after we've discovered the huge loss," he said.
"We have concluded that we lost 43,554 BTC from this incident and we will reimburse our customers for the full amount."
Although these are big numbers, in June last year one Bitcoin user lost half a million dollars in a virtual Bitcoins heist. µ