Hackers Accessed Linode Customers' Accounts
Linode, a cheap web site hosting provider, announced that a bug in Adobe's ColdFusion allowed hackers to gain access to some of its source code, a web server, and its database. How did they notice, how did it happen, and how did Linode react? Is this something you need to be worried about?
Hackers Accessed Linode Customers' Accounts: How It Started
On April 12, Linode released a statement in the form of a blog post. It said that system administrators had discovered and stopped “suspicious activity” that appeared to target only one of its customers, but as a precaution, Linode reset the passwords of every one of its customers. They said, “We have found no evidence that payment information of any customer was accessed.”
The cheap web site hosting company contacted authorities and determined that a site-wide password reset would be the best protection against future attacks.
Hackers Accessed Linode Customers' Accounts: Hackers Fight Back
On Monday, the hackers responsible for the breach came forward in an IRC chat in the form of “Ryan,” a member of the hacker group HTP. He said they were able to access Linode's server through its installation of Adobe ColdFusion. “Ryan” said, “It's surprising that anyone is still running ColdFusion — that's like connecting a Windows 98 box to the internet without a firewall.”
At first, those he was chatting with weren't convinced he was the real deal. However, when he revealed hashed passwords, directory listings, and bits of source code, everyone involved in the chat was listening.
“Ryan” went on to say that HTP had gotten ahold of the credit card numbers of the cheap web site hosting company's customers. Yes, they were encrypted, but “both the private and public keys were stored on the web server,” meaning they could be decrypted with no problem.
In the text of the chat, “Ryan” claims he will make these credit card numbers public because “they contacted law enforcement…broke the deal.” He goes on, “We will also release the logs of Linode staff who participated in this deal.”
Of course, the cheap web host had to reply once word got out in a public forum. They still denied that any credit card data was compromised, and blamed a bug within ColdFusion for giving hackers a way in.
Despite what the hacker claimed in the IRC chat, Linode said, “Credit card numbers in our database are stored in encrypted format, using public and private key encryption. The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically…we have no evidence decrypted credit card numbers were obtained.”
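The two claims hinge on whether the private key file is usable without its passphrase. The script below is an added illustration, not code from Linode or from the original article: it assumes the `openssl` command-line tool is installed, and the RSA-2048/OAEP and AES-256-CBC choices, the passphrase, and the card number are constructed for the example, since the statement names no algorithms.

```shell
#!/bin/sh
# Added illustration, not Linode's code. All values below are constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASSPHRASE='constructed-example-passphrase'  # kept off the server in the scheme Linode describes
CARD='4111111111111111'                      # constructed test number, not real data

# Create an RSA key pair; the private key PEM is itself encrypted with the passphrase.
make_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass "pass:$PASSPHRASE" -out "$WORK/private.pem" 2>/dev/null &&
    openssl pkey -in "$WORK/private.pem" -passin "pass:$PASSPHRASE" \
        -pubout -out "$WORK/public.pem"
}

# Storing a card needs only the public key.
encrypt_card() {
    printf '%s' "$CARD" | openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.pem" \
        -pkeyopt rsa_padding_mode:oaep -out "$WORK/card.enc"
}

# Reading a card needs the private key file AND the passphrase passed as $1.
decrypt_card() {
    openssl pkeyutl -decrypt -inkey "$WORK/private.pem" -passin "pass:$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/card.enc" 2>/dev/null
}

make_keys && encrypt_card || exit 1
echo "files present: $(ls "$WORK" | tr '\n' ' ')"

# Someone holding both key files and the ciphertext, but not the passphrase:
if decrypt_card 'wrong-guess' >/dev/null; then
    echo "private key opened without the real passphrase"
else
    echo "key files alone: decryption fails"
fi

# The same files plus the passphrase:
echo "with the passphrase: $(decrypt_card "$PASSPHRASE")"
```

If the private key were stored unencrypted, or the passphrase sat in a config file next to it, the second case is all anyone with the files would need.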
Not The First Time
This isn't the first time the cheap web host has fallen victim to hackers. Last year, cyber-thieves broke into digital safety deposit boxes of eight Linode customers, taking $71,000 worth of bitcoins.
Are Linode Customers Safe?
With credit card numbers at stake, and despite Linode's assurances that everything has been done, is there anything customers can do to protect themselves?
The first step toward protecting their information has already been taken by Linode itself, when it forced everyone to change their passwords. However, if “Ryan” is correct, sensitive information has already made it into HTP's hands.
If it is true, customers should be scrambling to cancel their credit cards and get new ones, as well as ditching Linode as a web site host altogether. If a company is hacked once and does not tighten up security somehow, and then is hacked again, it's probably not the best choice for your cheap web hosting needs.
Are you a Linode customer, or were you considering signing up with Linode? How do you feel now after reading the IRC chat?