Cloud-based hosting provider Linode, which has been under DDoS attack for about two weeks, today said it has expired all Linode Manager passwords as a "precaution" after discovering that two Linode customers' credentials appear to have been pilfered.
"A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials," the hosting firm said in a blog post today.
Linode has hired "a well-known third-party security firm" to investigate the DDoS and other attacks, and law enforcement also is involved in the case.
"You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be," the company said in its post, which can be read in full here.