I'm not sure if I've been sensitised to PR weasel-wording that these things tend to gather (and get blasted for in HN comments), but it's quite refreshing to see something as blunt as "We apologize for our failure to maintain an adequate level of security on our public Slicehost forum, and for any inconvenience this may cause you."
No "mistakes were made", or "We're sorry if you're unhappy about this issue" or any of the other Non-apology apologies[1]
A couple of years ago I started receiving a lot of spam to rackspacecloudservers@firstnamelastname.com. I've opened support tickets asking whether they had a known breach but they simply closed my tickets without explanation, and any attempt to use their live chats were closed immediately by their staff or completely ignored. I used to hold Rackspace in such high esteem; I wonder what happened?
First Linode and now Slicehost. What's happening to quality VPS these days?
Just a wild guess here, but perhaps the same person who compromised Linode's customer service portal was also trying to see if any of his targets were reusing their Slicehost account credentials in the forum?
A support forum being compromised is much different than using the company's internal tools to root systems. I'm guessing they use a 3rd party support forum (eg vBulletin). Maybe a vulnerability in it lead to the breach?
However, if you used your Slicehost forum I.D. and password in other places, including any Rackspace account, we recommend that you change those I.D.s and passwords. In fact, the next time you attempt to access the Slice Manager, you will be required to change your password. If you use the same password for the forum and for your Slicehost account, and you also use an API key, we recommend that you consider changing the API key as well.
No "mistakes were made", or "We're sorry if you're unhappy about this issue" or any of the other Non-apology apologies[1]
[1] https://en.wikipedia.org/wiki/Non-apology_apology#The_Perfec...