Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Cloud Host Linode Changes User Passwords after Suspected Hack

Linode, the cloud-based hosting provider, has been under DDoS attack since almost two weeks, said today that it has deceased passwords of all Linode managers as a "precaution" when it discovered that credentials of its two customers seem to have been stolen.

The Distributed Denial-of-Service (DDoS) attack is a common path for cybercriminals since it is frequently the easiest way to finish: malicious actors compromise huge number of machines and then all of them try high-traffic connections simultaneously. Targeted servers, if overwhelmed, might start crawling as CPUs try to keep up or fail completely.

The threat of DDoS attacks are used to initiate action or reveal weakness in security. Unfortunately, Linode did not progress so well.

Softpedia.com posted on 6th January stating that Linode has been under a constant DDoS attack since 24th December which has kept the staff members of the company busy all these days.

Staff of Linode speculated that the unlawful logins might be connected to a breach of data which they don't have time to investigate because of the constant downtime to its VPS hosting service instigated by DDoS attacks.

The company was attacked time and again, and was criticized for a lack of response to the present issue. Alex Forster, network engineer with Linode, posted an article in detail about the hack by New Year's Eve, stating that the company had borne 30 various attacks in six days which changed vectors every time, Linode closed a security hole. The cloud provider was finally back on track by 4th January, with only one server in Atlanta listing an incomplete outage.

As a safety measure, the decision to reset a site-wide password was taken, in case its database gets compromised and then stolen during DDoS attacks.

In case, the attackers have got hold of database of Linode, the user table is suitably secured in spite of holding information such as usernames of site, email addresses, hashed passwords and encrypted two-factor seeds.

Attackers can break hashed passwords but if the user has selected strong passphrases, then breaking could take much longer time. The three illegal logins might have been from users who selected weak passwords for their accounts.

» SPAMfighter News - 1/8/2016

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page