Amazon EC2 Console Breach Shuts Down Code-Hosting Service

Massive amount of data deleted, company to refund paying customers

This week, cyber assailants gained unauthorized access to the Amazon Elastic Compute Cloud (EC2) control panel of code-hosting provider Code Spaces, rendering the service completely inoperable and without any possibility of continuation.

EC2 is a component of the Amazon Web Services (AWS) and offers virtual computers for rent, where users can run their own applications.

The incident started on Tuesday, when the servers of the company were hit by a distributed denial-of-service (DDoS) attack, whose purpose was money extortion.

Code Spaces administrators discovered the ransom demand when they connected to the EC2 panel and noticed that an unauthorised person had already gained access to the console and left messages to be contacted on a Hotmail address.

The communication revealed that the cybercriminal was trying to extort “a large fee” in order to stop the DDoS.

The access level of the unauthorized person proved to be quite high because when the Code Spaces administrators attempted to change the passwords and thus regain control over the EC2 panel, the attacker saw this coming and had prepared backup logins.

Detecting the recovery attempt from Code Spaces prompted him to initiate the procedure of randomly deleting the data available.

The staff managed to regain control of the account only to see that the damage done was critical, since the assailant had managed to remove important data stored through the Elastic Block Store and S3 services from Amazon.

“We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI's, some EBS instances and several machine instances,” a Code Spaces representative wrote on the home page of the website (cached version).

“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

Among the data that could be rescued there are Svn repositories with the URL format “[ACCOUNT]/[REPONAME]” and all Git repositories.

There is no information about who is behind the attack, but the only thing sure is that Code Spaces services have been affected beyond the possibility of recovery.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of on going credibility,” the company says.

Customers are advised to make contact at support[at] with their account URL in order to get their data.

Hot right now  ·  Latest news