Linode says attackers accessed one of its Web servers, some source code, and database

Dark Reading Staff, Dark Reading

April 17, 2013

2 Min Read

Web hosting provider Linode said it was hacked via a recently revealed bug in Adobe's ColdFusion that led to the attackers getting access to a Web server, some of its source code, and its database.

Word of trouble at the hosting provider first got out last Friday, when Linode said in a blog post on its website that its system administrators had spotted and blocked "suspicious activity" on its network that appeared to be targeting a single Linode customer, but the firm forced a password reset of all customer accounts as a precaution.

Linode today provided more details on the attack, noting that a hacker group called HTP had taken responsibility for breaching Linode Manager Web servers. The hosting firm says it believes the attackers employed an exploit that went after CVE-2013-1387 and CVE-2013-1388, for which Adobe issued a "hotfix" last week.

"As a result of the vulnerability, this group gained access to a web server, parts of our source code, and ultimately, our database. We have been working around the clock since discovering this vulnerability. Our investigation reveals that this group did not have access to any other component of the Linode infrastructure, including access to the host machines or any other server or service that runs our infrastructure," Linode wrote in its blog post today.

The hosting provider says there's no evidence that credit-card numbers were stolen, namely the last four digits that are stored in clear text. Linode doesn't store user passwords in its database, but it was storing some passwords in clear text, for its Lish shell program, however: "There were occurrences of Lish passwords in clear text in our database. We have corrected this issue and have invalidated all affected Lish passwords effective immediately," the blog says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights