Stolen Linode customer credentials discovered on an ‘external’ server by cloud hosting provider that has been under continuous DDoS attacks.
By: Dark Reading Staff
Cloud-based hosting provider Linode, which has been under DDoS attack for about two weeks, today said it has expired all Linode Manager passwords as a “precaution” after discovering that two Linode customers’ credentials appear to have been pilfered.
“A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials,” the hosting firm said in a blog post today.
To read the entire article, please click here.