I have the exact same feelings/experience about Linode. I really liked their service but I cannot trust a company that doesn't promptly inform its users that their credit card info has been compromised.
Please, let's not rehash the past again and again. If you want more information, this has already been heavily discussed on HN.
Compromised Linode, thousands of BitCoins stolen (bitcoinmedia.com)
316 points by tillda 510 days ago
https://news.ycombinator.com/item?id=3654110
Linode hacked, CCs and passwords leaked (slashdot.org)
732 points by DiabloD3 101 days ago
https://news.ycombinator.com/item?id=5552756
The story around the Linode hack (straylig.ht)
349 points by foofoobar 79 days ago
https://news.ycombinator.com/item?id=5667027
All of which were publicly acknowledged reasonably quickly. I didn't ask about breaches. I asked about ones that were not acknowledged or not acknowledged quickly which is what was claimed. ;)
I really wish you'd just read those threads instead of forcing it all to be re-hashed in yet another thread.
Brief summary: according to the hackers involved, they struck a deal with Linode whereby, if Linode made no moves to disclose the attack, the hackers would shred all of the data they had grabbed. Instead, the FBI forced Linode's hand in the matter. Even if that's not true -- and, in this incident, the hackers came out as more believable than Linode IMO -- there still was no mention of the incident on the Linode blog until after the hackers had claimed credit on Linode's IRC channel and the news of that had started making the rounds. This is identical to the previous incident, where Linode said nothing until after a customer started complaining loudly on their user forums.
Then, Linode wasn't forthcoming with details, despite the hack having occurred a couple of days prior. The second update from Linode came only after additional information had been made public by the hackers, and provided no information beyond what had already become public. Linode claimed that customers' credit card information was still secure, but the hackers claimed otherwise and in the days and weeks following the event, several people claiming to be Linode customers claimed that they were seeing suspicious activity on cards that could reasonably be traced back to Linode (cards that were Linode-specific or used for few enough other services).
The way that Linode has handled both incidents has left me, and many others, with the impression that they simply will not disclose that they've been compromised unless forced to by someone else -- a customer or the attacker(s) -- and then they'll attempt to be very opaque and not-specific about the incident.
It's a shame, because aside from this, I really like Linode. I wouldn't even be interested in looking at other VPS providers if it weren't for this. But now I'm being negligent if I continue to host customer data & services on Linode. I don't know yet if anyone else handles this sort of thing better, but I do know how Linode handles it and it's not good.
This'll be my only comment on this subject. You (or others that are interested) really should just go over past threads discussing the incident.
I didn't force you to re-hash. Maybe I'm just not cynical enough to believe a thief that appears to be on an ego trip [which is realistically what the hackers in this instance are].
They made a mistake on the 12th and corrected it by the [with some forum posts in between those two dates and someone claiming responsibility between those two dates] 16th. I'm not seeing the issue in regards to the previous question except 'Hackers say otherwise'.
None of those threads date before the 12th which was kind of the point. I generally assume incompetence before malice while everyone else seems to be the reverse.
Except this was after Linode did a "password reset" email to their customers on the Friday 04/12 without explaining anything and saying everything was fine. Said blog post on 04/16 after log files were released in which the hacker basically said Linode paid them to keep quiet about the "incident".
https://blog.linode.com/2013/04/16/security-incident-update/