Linode To Hosting Customers: Change Your Passwords Now
Stolen Linode customer credentials discovered on an 'external' server by cloud hosting provider that has been under continuous DDoS attacks.
Cloud-based hosting provider Linode, which has been under DDoS attack for about two weeks, today said it has expired all Linode Manager passwords as a "precaution" after discovering that two Linode customers' credentials appear to have been pilfered.
"A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials," the hosting firm said in a blog post today.
Linode has hired "a well-known third-party security firm" to investigate the DDoS and other attacks, and law enforcement also is involved in the case.
"You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be," the company said in its post, which can be read in full here.
About the Author
You May Also Like
Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024