Hosting company Linode resets passwords after possible hack

American hosting company Linode has reset all users’ passwords after two customers’ data was found on an ‘external machine’. The company, which has been plagued by DDOs attacks since Christmas, says it does not know who is behind the attacks.

Linode says in a blog post that three accounts of the company’s customers have been unauthorized logged in. As a result, Linode launched an investigation and found the data of two customers on ‘remote machines’. The hosting company deduces from this that unauthorized access to the customer database has been possible. This database contains email addresses, usernames, hashed passwords, and encrypted two-factor seeds. Therefore, as a precautionary measure, Linode has reset all customers’ passwords.

Since Christmas, Linode has suffered from persistent DDoS attacks on, among other things, its DNS services, which meant that they were not completely down, but were difficult to reach. The company says that all services have returned to normal since Tuesday. It is not clear whether there is a connection between the DDOs attacks and the leakage of customer data. No one would have come forward as responsible.

An employee of PagerDuty, a company that warns other companies if such incidents occur, claims that a July 2015 attack that leaked customer data was also due to this leak at Linode. So it would have taken a long time for the hosting company to come out with information about this incident. It is unclear what value can be attached to this claim, since the employee himself worked at Linode. Linode made headlines a few years ago after bitcoins were stolen in a hack.