We recently reported on a recent data breach at Linode, where they forced mass password resets on all their customers over the Christmas break. We then updated the story which making reference to a breach by PagerDuty back in July 2015, and WP Engine breach just before Christmas, and requested comment on the associations and the breach generally by Linode. Linode has confirmed that the threat has been isolated, but investigations continue.
Due to the ongoing nature of the investigations, both in relation to the breach, and the DDOS attacks over the Christmas period, Linode is not able to provide much information about its nature.
However, Casey Smith, Linode’s VP of Communications told Best Host News that they believed that the threat had been isolated:
With regard to the DDOS attacks, Smith confirmed that they are investigating a link between the two incidents, but they do not know whether they are related at the current time:
According to Smith, Linode’s security team is “cooperating” with the FBI’s Cyber Crime unit in relation to the attacks.
Linode Customers Rally to their Defense
In a sign that Linode has been handling the situation well, Linode customers have been rallying round the company, with some even sending Pizza to the support team:
— Caleb Carges (@calebcarges) January 5, 2016
David Roesch, Linode’s director of marketing, commented:
Something inspiring happened over the past few weeks…
Instead of expressing frustrations online, the majority of Linode’s customers rallied to our defense, thanked our team for above-and-beyond effort, and displayed a type of sincere loyalty that most providers can only dream of. We even had a customer from California send in pizza for the support team to keep them going. Our whole team has been encouraged by the support we’ve received during this difficult time.
The PagerDuty Breach Update
The PagerDuty breach was claimed by an Employee of PagerDuty (and ex-employee of Linode) on HackerNews to be related to a breach on HackerNews. We reached out to Linode about this. Casey Smith commented:
Continuing, Smith confirmed that the July 2015 breach was completely unrelated to the present issues:
Unfortunately, Linode is unable to comment further on the specifics of the breach, saying that they do take security extremely seriously:
The WP Engine Breach Update
In our previous article, we had very little information whether the WP Engine breach was related to the current Linode breach. We didn’t specifically ask Linode about this (we commented on this later) and as such Casey Smith made no comment on this. We must exercise caution in linking the two incidents.