Code hosting and collaborative development service Code Spaces is ceasing operations after an unidentified attacker erased almost all of its customer data, together with backups.
The incident started with a Distributed Denial of Service (DDoS) attack on Tuesday, which diverted the attention from the fact that the hacker gained access to Code Spaces’ Amazon EC2 control panel. Once in charge, they blackmailed the company, demanding “a large fee”.
When the administrators attempted to wrestle the control back, the attacker started deleting customer data at random, until almost nothing was left.
“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” states the post on the Code Spaces homepage.
“As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”
Code Spaces is operated by AbleBots from New Jersey, US. On Tuesday, as it was suffering from a DDoS attack, the company received a number of messages from the hacker who had logged into its cloud control panel.
Rather than pay up, the administrators decided to investigate the issue and attempt to secure the cloud infrastructure. Unfortunately, the attacker had already created a number of backup logins and when the team tried to recover the accounts, started erasing parts of the system.
“We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances,” said the statement.
“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”
It’s not clear just how the hacker managed to obtain log-in credentials, but Code Spaces is convinced that its Private Keys were not compromised. The company added that it has no reason to think that the attack was carried out by any current or former employee.
In the coming weeks, AbleBots will focus on supporting the affected customers in exporting any remaining data they have left on the system.
“All that we can say at this point is how sorry we are to both our customers and to the people who make a living at Code Spaces for the chain of events that lead us here,” concludes the statement.
Code Spaces previously claimed that it operates a well-practiced and proven data recovery plan that involves data centres on three continents.
How well do you know network security? Try our quiz and find out!
Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…
Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…
Elon Musk continues to provoke the ire of various leaders around the world with his…
Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…
Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…
Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…
View Comments
When will people realize never never never put anything of real value (financial or personal) solely in the cloud. Businesses who do are being totally and utterly irresponsible to their shareholders.
Same also applies to building your IP around Software as a service, read Microsoft, Adobe etc. If the company only offers a software as a service then go to one of their competitors who offer a version that is not based on remote servers or the internet.
At least Microsoft still allows you to buy real software still albeit at a price, so some kudos to them there!