14 DAY TRIAL // Last week, users of Seclist.org – the security mailing list archive for Full Disclosure, Bugtraq, Nmap and many others – might have experienced some issues when accessing the site. It turns out that the downtime was due to the fact that the website’s web hosting provider, Linode, had been hacked.
According to a blog post published by the New Jersey-based web hosting and cloud computing provider, the company’s administrators have identified and blocked suspicious activity on the networks.
“This activity appears to have been a coordinated attempt to access the account of one of our customers. This customer is aware of this activity and we have determined its extent and impact,” Linode’s Stephen Clemens said.
“We have found no evidence that any Linode data of any other customer was accessed. In addition, we have found no evidence that payment information of any customer was accessed.”
Law enforcement has been called in to investigate and security measures have been implemented to keep the attackers out. However, as a precaution, all passwords have been reset and users have been requested to set new, strong ones.
The customer that Clemens is referring to appears to be Seclist.org. According to Gordon Lyon – aka Fyodor, the owner of various Internet security resource sites, including Seclist.org – the attackers used the access to Linode’s systems to break into some of their virtual private server (VPS) systems.
“I guess they hacked Linode and then went looking for well-known sites to go after. Perhaps we should be flattered to have made the list, but we're not. Linode says the intruder messed around with our account, but left their other customers alone,” Fyodor explained.
In the meantime, pre-attack backups have been used to restore the affected services.