Linode Hacked? Who can fill in the missing details?

I’m seeing mixed information online that Linode may have been hacked. The biggest collection of comments seems to be on the Hacker News post. There are quite a few there saying they got new credit cards recently or have had suspicious charges.

I got a letter from my bank early last month telling me I’d have a new card by March 25th. I got a new credit card by that date as well as a separate mailing for a PIN reset. The mailing from my bank did not mention which merchant triggered the card replacement.

I didn’t get the email from Linode until after I had a new card, which leads me to wonder if they’re related or merely a poorly timed coincidence. This post leads me to believe that it happened only 2 weeks ago, which is funny because I actually updated my Linode account to the new card a few days after the 1st. If it did in fact happen 2 weeks ago, they would have had my old credit card number that was on file and already canceled by my bank.

Since Linode seems to be short on details at the moment I was hoping to aggregate some info regarding who’s a customer and was sent new cards from their bank recently. I haven’t noticed anything suspicious on my statements like some others noted.

Unfortunately there’s not a lot of clarity on what’s going on and Linode has been quiet since their email on Friday. I’d venture to say it’s a mix of truth and lies at this point.

This comment highlights how incompetent Linode staff would have to be. To me it’s a bit far-fetched.

These guys are looking totally incompetent at this point.

If you believe this Ryan guy, credit cards stored on the same server as the key to decrypt them, Lish passwords stored in plain text, they’ve known for some time and lied about what actually happened and now they’re saying “we won’t do anything about it” via email?

“You are of course free to take any steps you deem prudent or necessary to ensure the integrity of your online presence.”


Edit: not to mention they “made a deal” with the hacker not to tell anyone? What the hell?

Response to WebHostingTalk’s Security Breach

I heard about WebHostingTalk’s security breach recently and after reading the comments on Slashdot, I became a bit concerned people were missing the issue. People discussed offsite backups and offline backups, but while that might have mitigated the issue, it’s not what’s at fault.

What’s at fault is the fact that their database servers could be connected to from their backup servers. Backup servers should only be able to be connected to from the boxes they’re backing up data from. You should send your data there, not download your data to the backup server.

My ssh/rsync scripts run from the box I’m backing up, and the backup server has no way to connect back to the box I’m backing up from. If that’s the way WebHostingTalk’s servers had been set up, there would have been no hack. Yes, the attackers might have been able to delete the backups, but they would not have been able to connect to the database servers and wipe the tables on them.
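
A sketch of the push-only setup described above, added here as an example and not taken from my own scripts or from WebHostingTalk: `push_backup` runs on the box being backed up, and `audit_no_pull_access` runs on a production or database box to confirm that no key held by the backup server can log in there. The host name, account, key path and backup directory are placeholders, and `rrsync` (the restricted-rsync helper shipped with rsync) is assumed to be installed on the backup server.

```shell
#!/bin/sh
# Added example: hosts, accounts, paths and key names below are placeholders.
BACKUP_DEST="${BACKUP_DEST:-push-web01@backup.example.net:}"
PUSH_KEY="${PUSH_KEY:-/root/.ssh/backup_push_ed25519}"

# Run on the box being backed up: it opens the connection and sends the data.
# On the backup server the matching public key is pinned in authorized_keys:
#   restrict,command="rrsync -wo /srv/backups/web01" ssh-ed25519 AAAA... push@web01
# so the key can only write into that one directory (no shell, no forwarding).
push_backup() {  # $1 = local directory to send
    rsync -a --numeric-ids \
        -e "ssh -i $PUSH_KEY -o BatchMode=yes -o IdentitiesOnly=yes" \
        "$1"/ "$BACKUP_DEST"
}

# Print the base64 key blob of every public-key line in the given files,
# skipping comments and any authorized_keys options placed before the key type.
key_blobs() {
    awk '!/^[[:space:]]*#/ {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-|sk-)/) { print $(i + 1); break }
    }' "$@"
}

# Run on a production/database box.
#   $1   = file of public keys collected from the backup server
#   rest = authorized_keys files on this box
# Prints each offending entry as file:line:entry and returns 1 if a key held by
# the backup server can log in here; returns 0 if the backup server has no way in.
audit_no_pull_access() {
    known="$1"; shift
    found=0
    for blob in $(key_blobs "$known"); do
        if grep -nF -- "$blob" "$@" /dev/null; then found=1; fi
    done
    return "$found"
}

# Stand-alone use: "push DIR" or "audit BACKUP_KEYS AUTHORIZED_KEYS..."
case "${1:-}" in
    push)  push_backup "$2" ;;
    audit) shift; audit_no_pull_access "$@" ;;
esac
```

The audit only covers SSH keys; a firewall rule on the database hosts that drops connections from the backup server's address closes the same path at the network level.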