DDoS attacks against cloud provider Linode appear to be ruse for breach of user accounts

Cloud hosting provider Linode has suffered a series of more than 30 distributed denial of service attacks that appear to be a diversion from a breach of user accounts.

In response to the breach, Linode is requiring customers to reset their passwords. On its status page, Linode explained that it discovered unauthorized access to three user accounts and the presence of user credentials on an external machine.

"This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials," the company related.

The onslaught of DDoS attacks includes attacks against Linode's DNS and network infrastructure and public-facing websites, as well as Web and application servers. "It has become evident...that a bad actor is purchasing large amounts of botnet capacity in an attempt to significantly damage Linode's business," wrote Alex Forster, network engineer at Linode, in an update.

"Once these attacks stop, we plan to share a complete technical explanation about what has been happening. Additionally, we will be announcing the details of an ongoing project to significantly improve our internet connectivity and resiliency," Forster added.

For more:
- read the updates on Linode's status page
