An Interest In:
Web News this Week
- March 4, 2024
- March 3, 2024
- March 2, 2024
- March 1, 2024
- February 29, 2024
- February 28, 2024
- February 27, 2024
January 6, 2016 12:00 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/tVeIplilDaE/linode-resets-passwords-after-credentials-leak
Linode Resets Passwords After Credentials Leak
New submitter qmrq sends news that Linode, a major provider of virtual private servers, has been compromised again. In a blog post, they said, "A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds." The Linode team said it found evidence of unauthorized access to three customer accounts. They don't yet know who is behind the attacks. An employee for PagerDuty said they were compromised through Linode Manager all the way back in July. "In our situation the attacker knew one of our user's passwords and MFA secret. This allowed them to provide valid authentication credentials for an account in the Linode Manager. It's worth noting that all of our active user accounts had two-factor authentication enabled. ... We also have evidence from access logs provided by Linode that the attackers tried to authenticate as an ex-employee, whose username ONLY existed in the Linode database."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/tVeIplilDaE/linode-resets-passwords-after-credentials-leak
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot