Linode Resets Passwords as DDoS Attacks Continue

The cloud hosting provider forces users to change passwords after an unauthorized log-in is detected.


Linode is having a rough start to 2016. The cloud hosting provider has been suffering from a series of distributed denial-of-service attacks that were first reported on Dec. 25, impacting multiple Linode data center locations, including Dallas; Atlanta; Newark, N.J.; Fremont, Calif.; Singapore; Frankfurt, Germany; and London. Adding to Linode's woes, on Jan. 5, after an unauthorized access was discovered, the company informed its customers that they all need to reset their passwords.

The Linode status page provides a running tally of the ongoing attacks and Linode's attempts to mitigate the issue. The company optimistically wrote on Dec. 26 that "the attacks have subsided for long enough that we believe this incident can be considered resolved." Unfortunately for Linode and its customers, attacks have continued against various pieces of Linode's global footprint.

"Over the course of the last week, we have seen over 30 attacks of significant duration and impact," Alex Forster, network engineer at Linode, wrote. "As we have found ways to mitigate these attacks, the vectors used inevitably change."

As Linode worked tirelessly to mitigate the DDoS attacks, it also discovered unauthorized access into three user accounts. A security investigation into the unauthorized access turned up another disturbing detail—that an external machine had a pair of Linode user credentials on it.

"This implies user credentials could have been read from our database, either offline or on, at some point," Linode warned in a status update. "The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds."

To mitigate the risk of a user database breach, Linode is triggering a password reset for its users. At this point, Linode is not aware of any link between the potential user access breach and the ongoing DDoS attacks.

"We have not been contacted by anyone taking accountability or making demands," Linode stated. "The acts may be related and they may not be."

Security experts contacted by eWEEK had mixed views about the Linode security incident. Scott Petry, co-founder and CEO of Authentic8, said Linode has had security-related issues in the past.

"They had a similar database breach in April of 2013 that forced a password reset for all their users," Petry told eWEEK. "So I guess the thing that surprises me is that they're still having these issues."

Justin Harvey, chief security officer at Fidelis Cybersecurity, takes a more positive view of the incident, particularly of how Linode is communicating with its users about what is happening. "They [Linode] shared a lot of information and as an external observer, they're doing all the right things: being upfront about the issues, exposing their thought process and offering up the plan," Harvey told eWEEK. "This is a great example of how it should be done."

Sean Michael Kerner


Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.