undefined | Better HN

0 pointsopendais12y ago0 comments

Eh? They did say the attacker got access to the database which holds the encrypted copies of the credit card info [and other information]

https://blog.linode.com/2013/04/16/security-incident-update/

0 comments

5 comments · 3 top-level

WestCoastJustin12y ago· 2 in thread

Please, lets not rehash the past again and again. If you want more information, this has already been heavily discussed on HN.

  Compromised Linode, thousands of BitCoins stolen (bitcoinmedia.com) 
  316 points by tillda 510 days ago
  https://news.ycombinator.com/item?id=3654110

  Linode hacked, CCs and passwords leaked (slashdot.org)
  732 points by DiabloD3 101 days ago
  https://news.ycombinator.com/item?id=5552756

  The story around the Linode hack (straylig.ht) 
  349 points by foofoobar 79 days ago
  https://news.ycombinator.com/item?id=5667027

opendaisOP12y ago

All of which were publicly acknowledged are reasonably quickly. I didn't ask about breaches. I asked about ones that were not acknowledged or not acknowledged quickly which is what was claimed. ;)

thaumaturgy12y ago

I really wish you'd just read those threads instead of forcing it all to be re-hashed in yet another thread.

Brief summary: according to the hackers involved, they struck a deal with Linode whereby, if Linode made no moves to disclose the attack, the hackers would shred all of the data they had grabbed. Instead, the FBI forced Linode's hand in the matter. Even if that's not true -- and, in this incident, the hackers came out as more believable than Linode IMO -- there still was no mention of the incident on the Linode blog until after the hackers had claimed credit on Linode's IRC channel and the news of that had started making the rounds. This is identical to the previous incident, where Linode said nothing until after a customer started complaining loudly on their user forums.

Then, Linode wasn't forthcoming with details, despite the hack having occurred a couple of days prior. The second update from Linode came only after additional information had been made public by the hackers, and provided no information beyond what had already become public. Linode claimed that customers' credit card information was still secure, but the hackers claimed otherwise and in the days and weeks following the event, several people claiming to be Linode customers claimed that they were seeing suspicious activity on cards that could reasonably be traced back to Linode (cards that were Linode-specific or used for few enough other services).

The way that Linode has handled both incidents has left me, and many others, with the impression that they simply will not disclose that they've been compromised unless forced to by someone else -- a customer or the attacker(s) -- and then they'll attempt to be very opaque and not-specific about the incident.

It's a shame, because aside from this, I really like Linode. I wouldn't even be interested in looking at other VPS providers if it weren't for this. But now I'm being negligent if I continue to host customer data & services on Linode. I don't know yet if anyone else handles this sort of thing better, but I do know how Linode handles it and it's not good.

This'll be my only comment on this subject. You (or others that are interested) really should just go over past threads discussing the incident.

1 more reply

tkorri12y ago

I don't have the exact dates at hand but if I remember correctly the hacking happened few weeks before they acknowledged it.

And the only reason they admitted it (well at least it looked like that) was because the info had already been leaked through their irc channel[0].

[0]: http://turtle.dereferenced.org/~nenolod/linode/linode-abridg...

swang12y ago

Except this was after Linode did a "password reset" email to their customers on the Friday 04/12 without explaining anything and saying everything was fine. Said blog post on 04/16 after log files were released in which the hacker basically said linode paid them to keep quiet about the "incident"

j / k navigate · click thread line to collapse