Linode hacked, a virtual private server web hosting and cloud computing provider
Linode, the web hosting provider, was hit by a security breach towards the middle of last month. The hackers exploited an Adobe ColdFusion vulnerability to launch a Zero Day attack. This security breach compromised several crucial data which included Linode database, certain parts of source code, credit card numbers as well as passwords. Once the company noticed the security breach, it initiated a password reset for all accounts managed by the company.
A hacker’s group called Hack The Planet or HTP used the vulnerability in Adobe ColdFusion. However, Adobe has now patched the loophole. Linode reported in a blog post that the company techs worked round the clock to deal with the situation. It mentioned that although the group managed to hack into the Linode database, they could not access all components which belonged to the Linode infrastructure comprised of host machines and services or servers responsible for running the infrastructure.
Linode mentioned in the blog post that the hackers could not manage to get hold of decrypted credit card numbers because the numbers are always encrypted before storing them in a database. Encryption is done using private and public keys and that the private key is also encrypted using passphrase. These complex and encrypted passphrases are never stored electronically.
Linode also said that it never saves the user passwords in its databases but instead cryptographically hashed and salted representations of the passwords in it databases. Though they are useless, the company expired the Linode Manager passwords and asked it customers to reset their passwords. The company also took steps to expire the API keys for those who used the same and emailed them with new details. Linode apologized for the inconvenience caused by the hackers and stated that the episode only strengthened the company’s commitment towards its customers and that it felt equally violated along with its customers.
]]>
Linode hacked, a virtual private server web hosting and cloud computing provider http://t.co/mM6isd9TMM