14 DAY TRIAL // Web hosting and cloud computing company Linode has suffered another data breach. The company has taken steps to improve its security since the April 2013 hack, but the server breached on this occasion has been neglected because it “plays no role in Linode infrastructure.”
According to Christopher Aker, founder and CEO of Linode, the attackers have targeted an old server. They’ve managed to gain access to a database stored on it by using forum credentials compromised in the April 2013 attack.
“Unfortunately, it did have a restore of the phpBB forum database on it from 2010-03-03. Forum users that existed at that time and who haven’t changed their credentials since have had them revoked and will need to reset them,” Aker noted.
ZDNet reports that a user with the online moniker “n0tryan” has posted the credentials for a Linode server, possibly the one that Aker has referred to.
The database dump is said to include some invalid credit card numbers, usernames, email addresses and encrypted passwords. The credentials appear to be for the phpBB forum.
Aker says the company has been focusing on nothing but security for over six months after the April incident. All other developments were stopped to make sure Linode’s systems could not be hacked again.
Now, the company’s CEO says they will discuss new security policies that target scenarios such as this one.
While Linode was being breached once again by cybercriminals, someone also made a false report and had the company’s offices swatted.
The Galloway police department’s SWAT team evacuated the offices for around an hour while they searched the building.
“They had received a false report which provoked them to respond in this manner – and it’s their job, after all, to respond to reports, even if it turns out to be a hoax. They were great, and I thank them,” Aker said.