By Tom Paine / Philly Tech News
[Ed. Note. Not too long ago, Galloway-based Linode’s biggest problem was getting permits straightened away to renovate its new property, an old Philadelphia bank building that it will be using as its headquarters, so the company could move into the heart of Philadelphia’s tech scene. We covered Linode’s intended move here.
However recently the company was hit by a number of DDOS attacks, reported here by Tom Paine of Philly Tech news. Here is Paine’s follow-up story. Note: this story was originally posted to Philly Tech News under the title Linode issues statement regarding DDOS attacks: Under control; all Linode Manager passwords have been expired, must be reset ]
Linode has issued a release summarizing what it has discovered and done regarding the DDOS (Distributed Denial of Service) incidents it recently experienced.
Effective immediately, all (external) Linode Manager passwords have been expired, and must be reset, the company said.
A security investigation into the unauthorized login of three accounts led to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from its database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds.
This may have contributed to the unauthorized access of the three Linode customer accounts mentioned above, which were logged into via manager.linode.com.
Linode says it retained a well-known third-party security firm to aid in its investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the investigation is complete, it says it will share an update on the findings.
Linode says it has no idea who was behind the attacks.
Other than responding to some press followup inquiries, it doesn’t plan to issue any further statements at this time.
The DDOS attacks began on Christmas Day centered on Dallas, and spread around to different locations in Linode’s global network, ending with an assault on its Atlanta data center. Things seemed largely under control by Sunday.
Linode competes in the public cloud hosting business with Digital Ocean and others, much smaller than Amazon Web Services and the other giants.
Yet that smaller segment is considered an attractive market for growth. But Linode may have to do more outreach to assure its customers that it is addressing security concerns.
From its original base near Atlantic City, Linode has been gradually migrating towards Philadelphia. It recently acquired the historic Corn Exchange Bank building in Old City as its Philadelphia base.