Linode Hacked? Who can fill in the missing details?

I’m seeing mixed information online that Linode may have been hacked. The biggest collection of comments seems to be on the hacker news post. There are quite a few there saying they got new credit cards recently or have had suspicious charges.

I got a letter from my bank last early last month telling me I’d have a new card by March 25th. I got a new credit card by that date as well as a separate mailing for a PIN reset. The mailing from my bank did not mention which merchant triggered the card replacement.

I didn’t get the email from Linode until after I had a new card, which leads me to wonder if they’re related or merely a poorly timed coincidence.  This post leads me to believe that it happened only 2 weeks ago, which is funny because I actually updated my Linode account to the new card a few days after the 1st. If it did in fact happen 2 weeks ago they would have had my old credit card number that was on file and already canceled by my bank.

Since Linode seems to be short on details at the moment I was hoping to aggregate some info regarding who’s a customer and was sent new cards from their bank recently. I haven’t noticed anything suspicious on my statements like some others noted.

Unfortunately there’s not a lot of clarity on what’s going on and Linode has been quiet since their email on Friday. I’d venture to say it’s a mix of truth and lies at this point.

This comment highlights the fact of how incompetent Linode staff would have to be. To me it’s a bit far fetched.

These guys are looking totally incompetent at this point.

If you believe this Ryan guy, credit cards stored on the same server as the key to decrypt them, Lish passwords stored in plain text, they’ve known for some time and lied about what actually happened and now they’re saying “we won’t do anything about it” via email?

“You are of course free to take any steps you deem prudent or necessary to ensure the integrity of your online presence.”

Unbelievable.

Edit: not to mention they “made a deal” with the hacker not to tell anyone? What the hell?

Victoria’s Secret Sleazy Credit Card Language

Recently my girlfriend got a notice regarding a change in terms to her Victoria’s Secret credit card agreement. Victoria’s Secret store cards are held by World Financial Network National Bank. In reading these terms, I found some oddly worded sentences, that made it seem almost as if they were trying to slide changes past their women card holders. It mainly pertained to finance charges. (Emphasis mine).

14. FINANCE CHARGES

D. The Daily Periodic Rate of FINANCE CHARGE applicable to your Account will be computed by adding 21.74% to the value of an “Index,” and dividing by 365 (The corresponding ANNUAL PERCENTAGE RATE will be the Index plus 21.74%). The Index in effect for each Billing Period shall be the highest “Prime Rate” of interest as published in the “Money Rates” section of The Wall Street Journal for the calendar month preceding the month in which the Billing Period begins, rounded upward, if necessary, to the nearest .001% (“Index”). The corresponding ANNUAL PERCENTAGE RATE will not decrease below 24.99% nor increase above 24.99%. An increase or decrease in the Annual Percentage Rate will result in a corresponding increase or decrease in the amount of Finance Charge.

Effective July 1, 2010. The 24.99% maximum Annual Percentage Rate will be removed from your account. This means that the Annual Percentage Rate on your account can increase above the 24.99%, upon an increase in the Prime Rate.

In plain English, the APR on your Victoria’s Secret card will be 24.99%. That is, until the rate cap is removed on July 1, 2010 and it can be further increased. Better pay off that card each month unless you like paying 24.99% interest on all those fancy bras and underwear.

Oh, and you better opt out of receiving monthly paper statements or they’ll charge you $1 for each of those you want to receive.