by stevenbrianhall 5219 days ago
Regarding #1, an update from Linode was just posted:

"Our investigation has revealed a customer support interface was used to access your account. The compromised credentials have been restricted and we are discussing policy changes to prevent this from recurring."

3 comments

I'm a Linode fanboy, but we need maximum transparency on what occurred and what's being done. What support interface? How compromised? Whose credentials, etc.
Hopefully they're working on it, and will give a post mortem once they get it sorted out. I'm inclined to show patience and not demand they do anything other than ascertain the scale of the breach, alert those affected, and secure their systems at this point. Later, they can get into what happened and how they will avoid it in the future.
We can't wait for a full postmortem before Linode says anything.

Linode can't just leave us all wondering about our own security while poring over someone else's Pastebins.

Me too, I've been recommending them a lot and really like their service. I just checked our 2 boxes' uptimes just in case.
Where are you reading this? The status page and the blog have no mention of the incident.
It's from his e-mail conversation with Linode support: http://pastebin.com/UW7iT5fj
So hardly "from Linode"

More accurately "according to somebody at Linode"

er no, either. ITYM "according to an alleged discussion with a Linode employee".
That update had already been released when I made my original comment (hence why I said "a customer service interface was compromised via stolen credentials"). It doesn't reveal how the credentials were compromised, nor how the attacker managed to use them to log in.