Linode Resets Passwords as DDoS Attacks Continue
Jake Kouns, chief information security officer at Risk Based Security, echoed those positive sentiments, saying that it is good to see Linode providing information about the incident to its customers and that the company appears to be on top of the issue. The Linode investigation found unauthorized log-ins of just three accounts, which could be the result of something as simple as Linode's customers being phished for credentials, but it did lead to finding two credentials on some external machine, he added.

"This makes it seem quite small and contained on the surface," Kouns told eWEEK. "However, if they have expired all customer passwords, then there is likely evidence of a larger compromise or they aren't feeling 100 percent comfortable at this point and are taking the step as a precaution."

In terms of a possible link between the user access breach and the DDoS attacks, Kouns noted that sometimes a DDoS attack is just what it appears to be, an attempt to take a business offline. That said, in other cases, a DDoS attack can be a way to distract an organization's IT security staff while some other sort of attack is launched, he said.

While a DDoS attack could be used to distract an organization, Marcus Carey, CTO and founder of vThreat, said such an attack could also limit attacker access to systems they have already compromised. He added that most of the time attackers with access will keep it "low and slow" to avoid the type of attention DDoS attacks attract.

For Linode users, there are only a few steps that they can actually take. Kouns said Linode users will need to set a new password when they log in next.

"Impacted users shouldn't stop there however, and if they are reusing passwords against better judgment, they should also change the passwords at other services to something unique," Kouns suggested.

Carey, in turn, is advocating that Linode customers make use of the two-step authentication system that Linode has provided to its customers since 2013.
"Since Linode said they securely hash passwords and encrypt two-factor seeds, it significantly raises the difficulty of cracking the passwords and the two-factor seeds," he said. "Whether people use Linode or other services, they should be wise and set up two-step authentication when available."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

"The more likely scenario is that the DDoS attacks have heightened Linode's incident response senses, and they are leaving no stone unturned," Carey told eWEEK. "As a result of the DDoS attacks, they'll be actively looking for compromised accounts."