Cloud Security

Linode Resets Passwords After Credentials Leak (linode.com) 55

New submitter qmrq sends news that Linode, a major provider of virtual private servers, has been compromised again. In a blog post, they said, "A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds." The Linode team said it found evidence of unauthorized access to three customer accounts. They don't yet know who is behind the attacks.

An employee for PagerDuty said they were compromised through Linode Manager all the way back in July. "In our situation the attacker knew one of our user's passwords and MFA secret. This allowed them to provide valid authentication credentials for an account in the Linode Manager. It's worth noting that all of our active user accounts had two-factor authentication enabled. ... We also have evidence from access logs provided by Linode that the attackers tried to authenticate as an ex-employee, whose username ONLY existed in the Linode database."

  • by d33tah ( 2722297 ) on Tuesday January 05, 2016 @06:13PM (#51244635)
    Sounds like someone really hates them. First the DDoS, now the compromise...
  • Was this the same event as was reported here two days ago? Or new? The problem here is once your provider has been compromised you have no recourse but to assume that you and your customers who use you have been compromised as well. My guess here is that it is a disgruntled ex-employee of Linode.
  • by Indy1 ( 99447 ) on Tuesday January 05, 2016 @07:05PM (#51244829)

    I always find it amusing when a big spammy hosting provider gets pwned. Companies that ignore their spam problems usually tend to ignore their security problems too.

    http://www.spamhaus.org/sbl/li... [spamhaus.org]

    • by lucm ( 889690 ) on Tuesday January 05, 2016 @07:23PM (#51244897)

      The relationship between hosting companies and spammers is fascinating. I strongly recommend Krebs's book on this topic, it makes for an entertaining and educating read (book is called "Spam Nation").

      Check out this post on his blog about spammers and IBM:

      Last month, anti-spam group Spamhaus.org listed Softlayer as the “#1 spam hosting ISP,” putting Softlayer at the very top of its World’s Worst Spam Support ISPs index. Spamhaus said the number of abuse issues at the ISP has “rapidly reached rarely previously seen numbers.”

      http://krebsonsecurity.com/201... [krebsonsecurity.com]

    • by Anonymous Coward

      Only 8 listed IPs out of how many 10s of thousands they have? That's not a horrible track record compared to many hosts.

    • by raisin ( 30710 ) on Tuesday January 05, 2016 @09:13PM (#51245561)

      I always find it amusing when a big spammy hosting provider gets pwned. Companies that ignore their spam problems usually tend to ignore their security problems too.

      http://www.spamhaus.org/sbl/li... [spamhaus.org]

      As a Linode customer, this post was news to me and cause for concern.

      But then I saw that Rackspace had 12:
      http://www.spamhaus.org/sbl/listings/rackspace.com
      and I was glad to have left for Linode after Rackspace bought Slicehost.

      And saw that others were worse, with Dreamhost at 25:
      http://www.spamhaus.org/sbl/listings/dreamhost.com

      • 25 for Amazon too. I doubt if those numbers mean anything, but if they do, Linode wins.
        • No, they don't mean anything. Compare them to Velocity Servers/ColoCrossing. Those guys have whole /16s and /20s listed.
    • >I always find it amusing when a big spammy hosting provider gets pwned. Companies that ignore their spam problems usually tend to ignore their security problems too.

      Seriously? If any of my users does anything even remotely annoying, like running Nmap, I'd immediately get a notification from their netops people. I'd shut the user down, and they'd write back and thank me.

      I can't imagine a spammer lasting very long at all in an environment like that. They take their stuff very seriously there.

      • What does this even mean? Who are the netops people supposed to be and who are you in this scenario?
        • I have a Linode, as should be obvious from the context, and their netops people are very aggressive on clamping down on bad behavior coming from their nodes.

          • Ok so the users are people who pay you to run things on your linode? Why wouldn't they just get their own?
            • >Ok so the users are people who pay you to run things on your linode? Why wouldn't they just get their own?

              They're computer science students. I host a UNIX server for them on my own nickel because I don't want to graduate CS majors who don't know an ls from an rm. But being CS majors they occasionally do goofy things that need to be clamped.

              And I do hope they get their own - a number have installed Linux on their PCs, or bought a RPi or whatever.

              Anyhow, my point is that Linode doesn't seem to be the kind

              • Ah, I see.

                Yes, spam they have to take seriously, but I'm surprised that they're contacting you about running Nmap.
    • I always find it amusing when a big spammy hosting provider gets pwned.

      Linode isn't one of those. You want real spam? Go look at ColoCrossing and its subsidiaries/resellers.
  • We're just in the process now of migrating away from Linode. And this is the first notification I've seen of this issue. So they didn't email everyone.
    • by marklark ( 39287 )

      I got our notification at 11:10am.

      "
      Hello,

      As a precaution, Linode has expired Linode Manager passwords. You will be prompted to set a new password the next time you log into . If you haven't already done so, you should do this now.

      For more information, please read our blog post:

      We apologize for this inconvenience.

      Thank you,
      The Linode Team
      "
