Linode Hackers Compromise Passwords, Credit Card Details

Hosting firm Linode has been hit by a hacker group, which accessed a company database holding credit card data and passwords.

Linode, which hosts virtual private servers for its customers, believes a group named Hack The Planet (HTP) exploited a vulnerability in Adobe’s ColdFusion application server. It assured users their data was protected with adequate encryption.

Linode hacked

“Credit card numbers in our database are stored in encrypted format, using public and private key encryption,” Linode noted in a blog post.

“The private key is itself encrypted with passphrase encryption and the complex passphrase is not stored electronically.

“Along with the encrypted credit card, the last four digits are stored in clear text to assist in lookups and for display on things like your Account tab and payment receipt emails. We have no evidence decrypted credit card numbers were obtained.”

HTP has claimed it has access to those keys, however, as they were stored on the same server it compromised, according to this online transcript showing a conversation between Linode customers and HTP hacker Ryan_.

Even though passwords for the Linode Manager product were salted and hashed, the company reset them anyway.

However, certain passwords for Lish, the Linode Shell, which allows users to access server consoles even when networking is disabled, were stored in plain text in the database. That has been corrected and the passwords reset.

“Our entire team has been affected by this, leaving all of us, like you, feeling violated,” Linode added.

If affected Linode customers have reused their Linode passwords on any other services, they should change the passwords on those services too, as HTP could work its way round other services, trying the passwords it has acquired.

This is the second time in just over a year a Linode breach has gone public. Last March, servers it hosted were hit and the hackers made off with bitcoins worth hundreds of thousands of dollars.


Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
