Slashdot Mirror


Linode Resets Passwords After Credentials Leak (linode.com)

New submitter qmrq sends news that Linode, a major provider of virtual private servers, has been compromised again. In a blog post, they said, "A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds." The Linode team said it found evidence of unauthorized access to three customer accounts. They don't yet know who is behind the attacks.

An employee of PagerDuty said they were compromised through Linode Manager all the way back in July. "In our situation the attacker knew one of our user's passwords and MFA secret. This allowed them to provide valid authentication credentials for an account in the Linode Manager. It's worth noting that all of our active user accounts had two-factor authentication enabled. ... We also have evidence from access logs provided by Linode that the attackers tried to authenticate as an ex-employee, whose username ONLY existed in the Linode database."
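The PagerDuty quote above contains a detection idea worth writing down: a login attempt against a username that exists only in the provider's user table (an ex-employee removed everywhere else) is strong evidence that a copy of that table is in someone else's hands, and any source that probed such an account should have its other logins treated as suspect. The following is an added example, not code from Linode or PagerDuty; the log line format, the usernames, the directory sets and the addresses are all constructed for illustration, and a real deployment would read the provider's actual access-log export and the organisation's own directory.

```python
# Added example (not from the Linode or PagerDuty posts): flag authentication
# attempts against accounts that no longer exist in our identity directory.
# A username that was only ever present in the provider's user table is a
# tripwire for a leaked copy of that table. Log format, usernames, directory
# contents and IP addresses below are constructed.
import re

# Constructed log line format; a real export will differ.
LINE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) "
    r"result=(?P<result>success|failure) src=(?P<src>\S+)$"
)

# Constructed directory state: who is active today, who was removed on leaving.
ACTIVE_USERS = {"alice", "bob", "carol"}
DEPROVISIONED_USERS = {"dave"}  # ex-employee; deleted on our side long ago

# Constructed sample of the provider's access log for our organisation.
SAMPLE_LOG = """\
2016-01-05T10:01:22Z login user=alice result=success src=198.51.100.10
2016-01-05T10:03:40Z login user=dave result=failure src=203.0.113.7
2016-01-05T10:03:41Z login user=dave result=failure src=203.0.113.7
2016-01-05T10:04:02Z login user=bob result=success src=203.0.113.7
2016-01-05T10:30:00Z login user=carol result=failure src=198.51.100.11
"""


def parse(log_text):
    """Yield one dict per well-formed line; silently skip lines that do not match."""
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def tripwire_hits(log_text, active=ACTIVE_USERS, deprovisioned=DEPROVISIONED_USERS):
    """Return (source, user, reason) findings.

    Any attempt against a deprovisioned or unknown username is a hit regardless
    of success or failure. Every source that produced such a hit then has its
    successful logins to *active* accounts reported as well, because a source
    that knows a dead username almost certainly got it from the same leaked
    table that holds the live credentials.
    """
    events = list(parse(log_text))
    findings = []
    tainted_sources = set()
    for e in events:
        if e["user"] in deprovisioned:
            findings.append((e["src"], e["user"], "attempt against deprovisioned account"))
            tainted_sources.add(e["src"])
        elif e["user"] not in active:
            findings.append((e["src"], e["user"], "attempt against unknown account"))
            tainted_sources.add(e["src"])
    for e in events:
        if e["src"] in tainted_sources and e["user"] in active and e["result"] == "success":
            findings.append((e["src"], e["user"],
                             "successful login from source that probed dead accounts"))
    return findings


if __name__ == "__main__":
    for src, user, reason in tripwire_hits(SAMPLE_LOG):
        print(f"{src}\t{user}\t{reason}")
```

On the sample data the two failed attempts as `dave` mark 203.0.113.7 as tainted, so the later successful login as `bob` from the same address is surfaced even though on its own it looks like a normal login; `carol`'s single failure from an untainted address is not reported. Keeping deleted usernames in a separate deny-list rather than simply forgetting them is what makes this check possible.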

55 comments

  1. Sounds like someone really hates them. by d33tah · · Score: 2

    Sounds like someone really hates them. First the DDoS, now the compromise...

    1. Re:Sounds like someone really hates them. by greenfruitsalad · · Score: 1

I don't understand why they still haven't made two-factor authentication mandatory.

    2. Re:Sounds like someone really hates them. by Anonymous Coward · · Score: 0

      "In our situation the attacker knew one of our user's passwords and MFA secret"

      The 2FA secrets were exposed as well. Wouldn't have helped in this case.

  2. Again? by 110010001000 · · Score: 2

    Was this the same event as was reported here two days ago? Or new? The problem here is once your provider has been compromised you have no recourse but to assume that you and your customers who use you have been compromised as well. My guess here is that it is a disgruntled ex-employee of Linode.

    1. Re:Again? by Anonymous Coward · · Score: 0

They were hacked last year, and DDoSed a few days ago.

  3. It's been leaking a LONG time by Anonymous Coward · · Score: 0

    Foreplay!

  4. Could Amazon, Azure, others, ever be compromised? by Anonymous Coward · · Score: 0

    Could public cloud providers be penetrated in such a way that all your data and activities belong to NSA, China, etc?

  5. Re:Could Amazon, Azure, others, ever be compromise by Anonymous Coward · · Score: 0

    Fnord.

  6. The linode? by Anonymous Coward · · Score: 0

    Linode... Distant cousin of the anode and cathode

  7. Re:Could Amazon, Azure, others, ever be compromise by Anonymous Coward · · Score: 0

    They probably already are. The reason you won't hear about it is because the people that break in to systems like that are very careful to go unnoticed. Hacking those systems is worth billions of dollars.

  8. another spam hosting isp gets bit in the ass by Indy1 · · Score: 2

    I always find it amusing when a big spammy hosting provider gets pwned. Companies that ignore their spam problems usually tend to ignore their security problems too.

    http://www.spamhaus.org/sbl/li...

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
    1. Re:another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 0

I assure you they are not lenient on spammers. Somehow an email header presented to them had one of our app servers' IPs in it, and they threatened to shut us down. When I pointed out that there was no email server installed on the server, as they could see from listing the running processes, they left us alone. (We use SendGrid via HTTP for any mailing needs.)

      Your "big spammy hosting provider" picture seems a bit biased.

    2. Re:another spam hosting isp gets bit in the ass by lucm · · Score: 3, Interesting

      The relationship between hosting companies and spammers is fascinating. I strongly recommend Krebs book on this topic, it makes for an entertaining and educating read (book is called "Spam Nation").

      Checkout this post on his blog about spammers and IBM:

      Last month, anti-spam group Spamhaus.org listed Softlayer as the “#1 spam hosting ISP,” putting Softlayer at the very top of its World’s Worst Spam Support ISPs index. Spamhaus said the number of abuse issues at the ISP has “rapidly reached rarely previously seen numbers.”

      http://krebsonsecurity.com/201...

      --
      lucm, indeed.
    3. Re: another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 0

I'd take Spamhaus more seriously if many of their actions weren't just as bad as the spammers. And they're one of the more reputable blacklists. Dark days indeed.

    4. Re:another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 0

You're really using 8 hosts out of thousands of IPs as evidence of them being a spammy ISP? Chances are the complaints were dealt with. I got threats to shut my site down just for hosting a DNS server for the OpenDNS project if it were ever used in a DDoS attack.

    5. Re:another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 0

Is that them, or did some of their customers' servers get hacked? I'm guessing the latter, and I see that all the time.

    6. Re:another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 1

Only 8 listed IPs out of how many tens of thousands they have? That's not a horrible track record compared to many hosts.

    7. Re:another spam hosting isp gets bit in the ass by raisin · · Score: 4, Informative

      I always find it amusing when a big spammy hosting provider gets pwned. Companies that ignore their spam problems usually tend to ignore their security problems too.

      http://www.spamhaus.org/sbl/li...

      As a Linode customer, this post was news to me and cause for concern.

      But then I saw that Rackspace had 12:
      http://www.spamhaus.org/sbl/listings/rackspace.com
      and I was glad to have left for Linode after Rackspace bought Slicehost.

      And saw that others were worse, with Dreamhost at 25:
      http://www.spamhaus.org/sbl/listings/dreamhost.com

    8. Re:another spam hosting isp gets bit in the ass by ShakaUVM · · Score: 2

      >I always find it amusing when a big spammy hosting provider gets pwned. Companies that ignore their spam problems usually tend to ignore their security problems too.

      Seriously? If any of my users does anything even remotely annoying, like running Nmap, I'd immediately get a notification from their netops people. I'd shut the user down, and they'd write back and thank me.

      I can't imagine a spammer lasting very long at all in an environment like that. They take their stuff very seriously there.

    9. Re: another spam hosting isp gets bit in the ass by lucm · · Score: 1

I'd take Spamhaus more seriously if many of their actions weren't just as bad as the spammers.

      Like what?

      --
      lucm, indeed.
    10. Re:another spam hosting isp gets bit in the ass by h33t+l4x0r · · Score: 1

      25 for Amazon too. I doubt if those numbers mean anything, but if they do, Linode wins.

    11. Re: another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 0

      He works for the competition. That's all

    12. Re: another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 0

They mean jack shit. The poster is just an idiot working for a competitor that is getting their asses handed to them by quality providers like Linode.

    13. Re:another spam hosting isp gets bit in the ass by NormalVisual · · Score: 1

      I always find it amusing when a big spammy hosting provider gets pwned.

      Linode isn't one of those. You want real spam? Go look at ColoCrossing and its subsidiaries/resellers.

      --
Please stand clear of the doors, por favor manténganse alejado de las puertas [please stand clear of the doors]
    14. Re:another spam hosting isp gets bit in the ass by NormalVisual · · Score: 1

      No, they don't mean anything. Compare them to Velocity Servers/ColoCrossing. Those guys have whole /16s and /20s listed.

      --
Please stand clear of the doors, por favor manténganse alejado de las puertas [please stand clear of the doors]
    15. Re:another spam hosting isp gets bit in the ass by h33t+l4x0r · · Score: 1

      What does this even mean? Who are the netops people supposed to be and who are you in this scenario?

    16. Re: another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 0

      Without going into detail, actions that I personally believe are tantamount to blackmail. If you've ever had the joy of conversing with them at length you'd soon understand that rationality is not part of the agenda. And no, given how the propaganda usually plays out at this point for the record I am most certainly not a spammer nor do I send any kind of bulk email out intentionally or otherwise.

    17. Re:another spam hosting isp gets bit in the ass by ShakaUVM · · Score: 1

      I have a Linode, as should be obvious from the context, and their netops people are very aggressive on clamping down bad behavior coming from their nodes.

    18. Re: another spam hosting isp gets bit in the ass by thoromyr · · Score: 1

      "Without going into detail..."

      In other words, you don't offer any evidence to evaluate. You don't like them, that is fine. Many spammers do not.

    19. Re: another spam hosting isp gets bit in the ass by lucm · · Score: 1

      "Without going into detail..."

      In other words, you don't offer any evidence to evaluate.

      Yeah, just like my ex who kept accusing me of disrespecting her, but could never come up with a single specific incident because "there's too many of them"

      --
      lucm, indeed.
    20. Re: another spam hosting isp gets bit in the ass by Anonymous Coward · · Score: 0

      And by whom are you employed or are you a customer? It's fine to say what you say but please consider disclosing such affiliations.

    21. Re:another spam hosting isp gets bit in the ass by h33t+l4x0r · · Score: 1

      Ok so the users are people who pay you to run things on your linode? Why wouldn't they just get their own?

    22. Re:another spam hosting isp gets bit in the ass by ShakaUVM · · Score: 1

      >Ok so the users are people who pay you to run things on your linode? Why wouldn't they just get their own?

      They're computer science students. I host a UNIX server for them on my own nickel because I don't want to graduate CS majors who don't know an ls from an rm. But being CS majors they occasionally do goofy things that need to be clamped.

      And I do hope they get their own - a number have installed Linux on their PCs, or bought a RPi or whatever.

      Anyhow, my point is that Linode doesn't seem to be the kind of place where a spammer would last very long.

    23. Re:another spam hosting isp gets bit in the ass by h33t+l4x0r · · Score: 1

      Ah, I see.

      Yes, spam they have to take seriously, but I'm surprised that they're contacting you about running Nmap.

  9. Re:Could Amazon, Azure, others, ever be compromise by lucm · · Score: 1

    Tinfoil hat much

    --
    lucm, indeed.
  10. Re:Could Amazon, Azure, others, ever be compromise by Anonymous Coward · · Score: 0

    Strange... your comment was blank. Did you mean to post a blank comment?

  11. Re:Could Amazon, Azure, others, ever be compromise by Anonymous Coward · · Score: 0

    They must be a top target for espionage.

  12. Re:Could Amazon, Azure, others, ever be compromise by omfgnosis · · Score: 1

    Right of course. The intelligence community was exposed for intercepting every electronic communication they could and were allowed to continue doing so until private businesses were able/compelled to do it for them, and continually compromise and publicly undermine encryption. But imagining that they're actually using the power they've accumulated... that's paranoid and anyone suggesting it should be mocked.

    It's not like the old days where you had to pay attention and make inferences, the stuff is public record now. Now it rightly sounds delusional to suggest that any important system escapes compromise.

  13. Re:Could Amazon, Azure, others, ever be compromise by lucm · · Score: 1

    Right of course. The intelligence community was exposed for intercepting every electronic communication they could and were allowed to continue doing so until private businesses were able/compelled to do it for them, and continually compromise and publicly undermine encryption. But imagining that they're actually using the power they've accumulated... that's paranoid and anyone suggesting it should be mocked.

    The AC said: "Hacking those systems is worth billions of dollars". That doesn't suggest NSA interception, that suggests a commercial endeavor to hack AWS and Azure. Those are two different things.

    --
    lucm, indeed.
  14. Re:Could Amazon, Azure, others, ever be compromise by omfgnosis · · Score: 1

    It helps to actually read the thing someone's replying to. Here's the whole thread up to your response, with my emphasis added:

    Could public cloud providers be penetrated in such a way that all your data and activities belong to NSA, China, etc?

    They probably already are. The reason you won't hear about it is because the people that break in to systems like that are very careful to go unnoticed. Hacking those systems is worth billions of dollars.

    Tinfoil hat much

    But to your inference, the intelligence community also sees monetary value in their interception and exploit programs, obviously, which is why they've invested in those programs. Bang for buck, investing in electronic intelligence almost certainly pays bigger dividends in aggregate than investing in human intelligence—at least that is what they must assume.

    And with that said, if you were more preoccupied by the mention of China, and for some reason assuming corporate, rather than imperial, espionage... I'm even more at a loss at your accusation of paranoia.

  15. Agreed - ColoCrossing is Spammer City by Anonymous Coward · · Score: 0

    Someone needs to nuke that place.

  16. Wow by Anonymous Coward · · Score: 0

    I made a linode account yesterday, good thing I didn't buy anything.

  17. Recent by Anonymous Coward · · Score: 0

    Only signed up with them as a customer the other day, I got the Password Expiry on Logon. This must be relatively new news.

  18. Where I work by kilodelta · · Score: 1

    We're just in the process now of migrating away from Linode. And this is the first notification I've seen of this issue. So they didn't email everyone.

    1. Re:Where I work by marklark · · Score: 1

      I got our notification at 11:10am.

      "
      Hello,

      As a precaution, Linode has expired Linode Manager passwords. You will be prompted to set a new password the next time you log into . If you haven't already done so, you should do this now.

      For more information, please read our blog post:

      We apologize for this inconvenience.

      Thank you,
      The Linode Team
      "

  19. Re:Could Amazon, Azure, others, ever be compromise by lucm · · Score: 1

    It helps to actually read the thing someone's replying to. Here's the whole thread up to your response, with my emphasis added:

    Could public cloud providers be penetrated in such a way that all your data and activities belong to NSA, China, etc?

    They probably already are. The reason you won't hear about it is because the people that break in to systems like that are very careful to go unnoticed. Hacking those systems is worth billions of dollars.

    Tinfoil hat much

    But to your inference, the intelligence community also sees monetary value in their interception and exploit programs, obviously, which is why they've invested in those programs. Bang for buck, investing in electronic intelligence almost certainly pays bigger dividends in aggregate than investing in human intelligence—at least that is what they must assume.

    And with that said, if you were more preoccupied by the mention of China, and for some reason assuming corporate, rather than imperial, espionage... I'm even more at a loss at your accusation of paranoia.

    None of this is relevant. The point is that nobody has made billions secretly hacking AWS and Azure. This is just FUD with no basis in reality.

    As for China having backdoors to AWS and Azure, that's also absurd and it shows a very poor knowledge of the actual situation in China, where:
    1) The government is not one big unified organization, but instead a bunch of small fiefdoms, a lot more similar to the EU than the USA
    2) The technical capabilities are just not there; lots of noise and scanning, but still very low capabilities beyond human intelligence which has little reach outside of Chinese nationals abroad

    Get real

    --
    lucm, indeed.
  20. Re:Could Amazon, Azure, others, ever be compromise by theArtificial · · Score: 1

    None of this is relevant. The point is that nobody has made billions secretly hacking AWS and Azure. This is just FUD with no basis in reality.

How many businesses do you think run on AWS and Azure? Consider that revenue for AWS is at $2.1 billion. AWS also offers cloud computing aimed at the Feds, which certainly wouldn't be of interest to anyone else out there.

    --
You get tired of going around doing nothing. (Swedish: Man blir trött av att gå och göra ingenting.)
  21. Re:Could Amazon, Azure, others, ever be compromise by lucm · · Score: 1

    None of this is relevant. The point is that nobody has made billions secretly hacking AWS and Azure. This is just FUD with no basis in reality.

How many businesses do you think run on AWS and Azure? Consider that revenue for AWS is at $2.1 billion. AWS also offers cloud computing aimed at the Feds, which certainly wouldn't be of interest to anyone else out there.

So what? That's like saying: there are billions of people driving cars out there, so a brand new electric car that costs $500 and goes 100,000 miles per charge would interest a lot of people. Doesn't mean someone has done it.

    --
    lucm, indeed.
  22. Re:Could Amazon, Azure, others, ever be compromise by theArtificial · · Score: 1

    If you look closely at the thread the claim was that it's not worth billions to attempt to hack AWS. I've shown that the operation itself is worth over two billion just to Amazon. Including the businesses that run on it would easily increase that figure.

    --
You get tired of going around doing nothing. (Swedish: Man blir trött av att gå och göra ingenting.)
  23. Re:Could Amazon, Azure, others, ever be compromise by omfgnosis · · Score: 1

    None of this is relevant.

    Then why the fuck did you reply to it?

  24. Re:Could Amazon, Azure, others, ever be compromise by lucm · · Score: 1

    Here's what you say:

    If you look closely at the thread the claim was that it's not worth billions to attempt to hack AWS.

    Here's what was said in the thread:

    Hacking those systems is worth billions of dollars.

    I guess I'm not reading things closely enough.

    --
    lucm, indeed.
  25. Re:Could Amazon, Azure, others, ever be compromise by lucm · · Score: 1

    None of this is relevant.

    Then why the fuck did you reply to it?

    Don't get your panties in a bunch. My point was that it's absurd to think that someone is making billions with their secret hacking of AWS and Azure, not that someone wouldn't make money if they did hack AWS or Azure.

    You can agree or not with that, but saying that the NSA is evil or that AWS is making money doesn't shed any more light on the matter.

    --
    lucm, indeed.
  26. Re:Could Amazon, Azure, others, ever be compromise by omfgnosis · · Score: 1

    I still don't understand why you're shoving your random thoughts into a thread where you don't think the discussion is relevant. And gendering my underpants isn't any more enlightening.

  27. Meh by lucm · · Score: 1

    I still don't understand why you're shoving your random thoughts into a thread where you don't think the discussion is relevant. And gendering my underpants isn't any more enlightening.

    Here's my parting gift to you. Either nobody ever cared enough about you to let you know, or you're just too self-centered to acknowledge critics, but dude, you're not funny. You're obviously smarter than average, but you're not as clever and witty as you think. Odds are that when you walk away from a discussion (online or in real life) feeling like high-fiving yourself, you actually came out lame and smug.

    I enjoy an entertaining flame war once in a while but that's just not happening with you.

    --
    lucm, indeed.
    1. Re:Meh by omfgnosis · · Score: 1

I wasn't actually trying to be funny? I was trying to sincerely discuss the actual discussion that was actually happening around your comment, and I repeatedly asked why you weren't. But if personal attacks are your thing, don't let me stand in the way. I do actually have better things to do.