We recently reported on a data breach at Linode, where the company forced mass password resets on all its customers over the Christmas break. We then updated the story to reference a breach at PagerDuty back in July 2015 and a WP Engine breach just before Christmas, and asked Linode for comment on those associations and on the breach generally. Linode has confirmed that the threat has been isolated, but investigations continue.
Due to the ongoing nature of the investigations, concerning both the breach and the DDoS attacks over the Christmas period, Linode is not able to provide much information about their nature.
However, Casey Smith, Linode's VP of Communications, told us that they believed that the threat had been isolated:
We are confident we have isolated the potential threat. However, we are continuing to use every resource available to ensure the security of our customers’ data and we continue our investigation. We are also making significant changes to mitigate the threat of persistent DDoS attacks in the future.
Concerning the DDoS attacks, Smith confirmed that Linode is investigating a link between the two incidents, but does not know at the current time whether they are related:
While the two certainly could be related, we just don’t know at this time. Our investigation continues and we hope to know more once the results of the investigation are finalized.
According to Smith, Linode's security team is "cooperating" with the FBI's Cyber Crime unit concerning the attacks.
Linode Customers Rally to their Defense
In a sign that Linode has been handling the situation well, Linode customers have been rallying round the company, with some even sending pizza to the support team:
David Roesch, Linode’s director of marketing, commented:
Something inspiring happened over the past few weeks ...
Instead of expressing frustrations online, the majority of Linode’s customers rallied to our defense, thanked our team for above-and-beyond effort, and displayed a type of sincere loyalty that most providers can only dream of. We even had a customer from California send in pizza for the support team to keep them going. Our whole team has been encouraged by the support we’ve received during this difficult time.
The PagerDuty Breach Update
An employee of PagerDuty (and ex-employee of Linode) claimed on HackerNews that the PagerDuty breach was related to a breach on HackerNews. We reached out to Linode about this. Casey Smith commented:
Last July, one of our customers alerted us to an unauthorized login to their Linode Manager account. We immediately launched an investigation and cooperated willingly with investigators and law enforcement. The results of the investigation revealed no evidence of infiltration into Linode’s systems.
Continuing, Smith confirmed that the July 2015 breach was completely unrelated to the present issues:
This unauthorized account access in July was an isolated occurrence that was investigated and closed. There is no evidence to support that the recent suspicious account activity is related to the July incident.
Unfortunately, Linode is unable to comment further on the specifics of the breach, saying that they do take security extremely seriously:
Data security has always been a priority. We continuously upgrade our security measures, hardening them even without incident. However, our information security policies, for our customers' peace of mind and our own advantage in defending against attacks, prohibit us from disclosing specifics about the evolution of our security measures.
The WP Engine Breach Update
In our previous article, we had very little information about whether the WP Engine breach was related to the current Linode breach. We didn't specifically ask Linode about this (we commented on this later), and as such Casey Smith made no comment on it. We must exercise caution in linking the two incidents.