Web Hosting Linode Again Hacked

Posted: April 17, 2013 in IT Security News
Tags: , , ,

HackersWeb Hoster Linode Again Hacked, Credit Cards and Passwords Leaked

Interesting story revolves around a hosting provider Linode.

On Friday, April 12 have changed the passwords of all users Linode Manager. In a statement, the company explained that found “suspicious activity” in the internal network, which is similar to the “deliberate attempt to gain access to the account of one of the users.”

The company “found no evidence of access to data Linode or data of any user” and there is no evidence of access to financial information of customers. Despite this, the company is in any case to change the passwords for all.

The most interesting began on April 15, in some days after change of passwords. One of users of Linode at a forum reported that representatives of hacker group HackThePlanet contacted it and declared existence of confidential financial information which received thanks to Linode breaking. As proofs they provided listing of files from the Linode server. In an IRC chat they also laid out some password hashes of administrators of Linode and declared theft of password base of users and bases with payment requisites of clients.

According to representatives of hacker group, they used an exploit for ColdFusion and got access to manager.linode.com. The server was hacked within several weeks, malefactors got access to password hashes,  that are scrambled using an algorithm sha256crypt.

Hacker said that they had reached an agreement with the company Linode not to disclose information about hacking, but that she had violated the agreement by contacting law enforcement.

Database with passwords and credit card hackers may provide publicly available. Ryan advised to follow the news on twitter @ HackThePlanet.

The Linode company confirmed yesterday that breaking was really carried out through  zero day vulnerability in Adobe ColdFusion application server, and that hackers got access to a database, but there all information is ciphered. In open form passwords of Lish (Linode Shell) were stored only, it won’t repeat any more, promises Linode.

Link:

http://blog.linode.com/2013/04/16/security-incident-update/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s