Linode Hacked, Credit Cards and Passwords Leaked

An anonymous reader writes "On Friday Linode announced a precautionary password reset due to an attack despite claiming that they were not compromised. The attacker has claimed otherwise, claiming to have obtained card numbers and password hashes. Password hashes, source code fragments and directory listings have been released as proof. Linode has yet to comment on or deny these claims."

Some more details

[Necroman]

Some details that people have been able to find so far.

1) The guy claimed to have hacked ColdFusion using some 0-day exploit. He could have just been going off this recent Adobe bulletin. But this bulletin was before the Linode announcement, so who knows. http://www.adobe.com/support/security/bulletins/apsb13-10.html

This hotfix resolves a vulnerability that could be exploited to impersonate an authenticated user (CVE-2013-1387).
This hotfix resolves a vulnerability that could be exploited by an unauthorized user to gain access to the ColdFusion administrator console (CVE-2013-1388).

2) One of the files in the directory list that has a unique name is actually accessible on linode.com: http://www.linode.com/y_key_57284cb2de704e02.html

3) Looks like seclists (nmap people) were targeted by this hack: http://seclists.org/nmap-dev/2013/q2/3

4) It is not clear if credit cards were compromised or not. While this "ryan" guy claims they were, we won't know unless the list is published or Linode admits to it.