Web Hoster Linode Again Hacked, Credit Cards and Passwords Leaked
Interesting story revolves around a hosting provider Linode.
On Friday, April 12 have changed the passwords of all users Linode Manager. In a statement, the company explained that found “suspicious activity” in the internal network, which is similar to the “deliberate attempt to gain access to the account of one of the users.”
The company “found no evidence of access to data Linode or data of any user” and there is no evidence of access to financial information of customers. Despite this, the company is in any case to change the passwords for all.
The most interesting began on April 15, in some days after change of passwords. One of users of Linode at a forum reported that representatives of hacker group HackThePlanet contacted it and declared existence of confidential financial information which received thanks to Linode breaking. As proofs they provided listing of files from the Linode server. In an IRC chat they also laid out some password hashes of administrators of Linode and declared theft of password base of users and bases with payment requisites of clients.
According to representatives of hacker group, they used an exploit for ColdFusion and got access to manager.linode.com. The server was hacked within several weeks, malefactors got access to password hashes, that are scrambled using an algorithm sha256crypt.
Hacker said that they had reached an agreement with the company Linode not to disclose information about hacking, but that she had violated the agreement by contacting law enforcement.
Database with passwords and credit card hackers may provide publicly available. Ryan advised to follow the news on twitter @ HackThePlanet.
The Linode company confirmed yesterday that breaking was really carried out through zero day vulnerability in Adobe ColdFusion application server, and that hackers got access to a database, but there all information is ciphered. In open form passwords of Lish (Linode Shell) were stored only, it won’t repeat any more, promises Linode.