Diversion via DDoS, intrusion & vol de données chez Linode

L'actualité & News Informatique!
Donc pas de demande d'aide dans cette partie.
ѠOOT

Diversion via DDoS, intrusion & vol de données chez Linode

par ѠOOT »

Linode, un puissant fournisseur américain de IaaS est, comme l'atteste l'historique des incidents de ses services, sévèrement perturbé depuis maintenant plusieurs semaines. Avant hier, Linode a annoncé la réinitialisation immédiatement des mots de passe de tous les comptes utilisateurs existants en raison d'une probable intrusion sur ses bases de données.

Effective immediately, Linode Manager passwords have been expired. You will be prompted to set a new password on your next login. We regret this inconvenience, however this is a necessary precaution.

A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials.

This may have contributed to the unauthorized access of the three Linode customer accounts mentioned above, which were logged into via manager.linode.com. The affected customers were notified immediately. We have found no other evidence of access to Linode infrastructure, including host machines and virtual machine data.

The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We've retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings.

You may be wondering if the same person or group is behind these malicious acts. We are wondering the same thing. At this point we have no information about who is behind either issue. We have not been contacted by anyone taking accountability or making demands. The acts may be related and they may not be.

The security of your data, the functionality of your servers, and your confidence in Linode are extremely important to all of us. While we feel victimized ourselves, we understand it is our responsibility, and our privilege as your host, to provide the best possible security and service. You can help further enhance the security of your account by always using strong passwords, enabling two-factor authentication, and never using the same password at multiple services.

We sincerely apologize for the recent disruptions in your Linode service.
Thank you for your patience, understanding and ongoing trust in Linode.


Security Notification & Linode Manager Password Reset

L'entreprise communique et le principe de précaution est appliqué. Durant les fêtes, il aura fallu parfois plusieurs jours avant que des entreprises ne clarifient les incidents constatés. Ce fût le cas de : Valve : DDoS-induced caching problem led to Xmas Day Steam data leaks and downtime

Les "écrans de fumée" pour faire diversion à base de DDoS semblent être devenus la norme. ( cf: TalkTalk )
Wim Remes, Rapid7 a écrit :The tactic of inundating an application with traffic to hide the real attack ( smokescreening ) going on at the same time is very common nowadays. By distracting the target, the attacker buys more time to focus on the assets they are really after. Organisations can address this by implementing multi-layer monitoring systems.
Liens connexes:
2014 :: Annual UK DDoS Attacks & Impact Report - THE DANGER DEEPENS ★ DDoS smokescreening

Revenir à « Actualité & News Informatique »