The Inquirer-Home

Linode hacked, customer passwords reset

One customer targeted in attack
Tue Apr 16 2013, 13:00
Hacker in hoodie

HOSTING FIRM Linode has added more colour to earlier reports about a hacking attack.

At the end of last week the firm advised its customers to change their passwords after it "discovered and blocked suspicious activity on the Linode network". At that time the firm was still investigating what happened, however it was convinced that the hackers had one target in mind.

"This activity appears to have been a coordinated attempt to access the account of one of our customers. This customer is aware of this activity and we have determined its extent and impact," it said in a blog post on Friday. "We have found no evidence that any Linode data of any other customer was accessed. In addition, we have found no evidence that payment information of any customer was accessed."

The firm said that law enforcement officials are already aware of the intrusion, and that it is doing all that it can to shore up security. It recommends that its users do the same.

"We have implemented all appropriate measures to provide the maximum amount of protection to our customers. Out of an abundance of caution, however, we have decided to implement a Linode Manager password reset. In so doing, we have immediately expired all current passwords," it added.

"You will be prompted to create a new password the next time that you log into the Linode Manager. We also recommend changing your LISH (Linode Shell) passwords and, if applicable, regenerating your API key."

Today an updated blog post said hackers exploited a previously unknown zero-day vulnerability in Adobe's Coldfusion application server to access a web server, parts of its source code and its database. It added that it has no evidence that any decrypted credit card numbers were obtained.

"We take your trust and confidence in us very seriously, and we truly apologize for the inconvenience that these individuals caused. Our entire team has been affected by this, leaving all of us, like you, feeling violated," it added.

"We care deeply about the integrity of Linode and are proud of the work that we accomplish here for you. This unfortunate incident has only strengthened our commitment to you, our customer." µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Coding challenges

Who’s responsible for software errors?