New on LowEndTalk? Please Register and read our Community Rules.
Comments
Haven't gotten anything, at least not yet.
I haven't received any email (yet)
Just checked their Facebook page, announcement on there, it affects everyone.
Insult to injury right now
Hoping for better times in their immediate future.
It's incredible how hard they are getting smashed lately.
Edit: and the blog with the announcement is down:
https://blog.linode.com/2016/01/05/security-notification-and-linode-manager-password-reset/
I wish more people supported client certificate authentication, then as long as the machine hosting the private key (which only has to respond to requests to sign certificates to send to users) isn't compromised then everything is safe.
I hope things get better for them soon, because I really liked their performance and support when I used them before.
Nothing here. Is it a legit email?
Yep I did.
I didn't get an e-mail, but after signing into the control panel with my old password it asked me to change it.
Found this on Google: http://pastebin.com/XqpwnUp0 (not sure if it matches the blog post, but it seems unlikely someone would paste a fake version that looks like the actual blog post.)
Edit: http://status.linode.com/incidents/ghdlhfnfngnh
tl;dr they have in fact been hacked, hashed passwords exposed
I've just logged on to Linode Manager and changed my password anyway.
I never got an email regarding the announcement, however when you next log in, it'll just prompt you to update your 2FA and password anyway.
Edit: The announcement is on their status page, http://status.linode.com/incidents/ghdlhfnfngnh
Oh, you mean it didn't prompt you to change password when you logged in?
From Ycombinator
Hacker News: Security Notification and Linode Manager Password Reset
it's https://news.ycombinator.com/item?id=10845170 (you linked to news.ycombinator.com)
Now their blog is being attacked
Looks like they got hacked again: https://vpsboard.com/topic/8330-linode-hacked
I know every host is going to have their share of issues...but damn.
Man, I almost gave out all my details when they had that $25 "free" if you pay $5 deal on Black Friday.
They still have my email but I haven't got any notification.
@gm2015 It is a secret shush don't tell anyone!
I don't know what you mean, but I abandoned the sign up and billing form after I realized what the catch was.
The day I sign up for Linode they reveal a breach.
Great
I've lost count of Linode breaches. Also, seeing some damning (albeit anon) claims of coverup in that HN thread.
Guess they're permanently blacklisted for any client recommendations now.
Over a long period, FUD works even on me.
Any hosting companies that support client certificates as of today?
(now that even 2FA is getting compromised by some braindead implementations.)
I'd say 2FA offers comparable security to password + client certificate. But 2FA is annoying for users, whereas client certificate is pretty convenient (assuming your browser supports keygen), so people are more likely to use it.
If the 2FA implementation is braindead, then the client certificate implementation can be braindead too.
First dead pool of 2016?
However, people tend to forget to back up their client certificates when reinstalling the operating system.
Same issue for GPG keys... One might forget to back up the dot folders in their home directory, such as ~/.gnupg when reinstalling Linux.
For their benefit I hope the amount of customer leaked data is limited. Sounds like a very difficult situation.
Why would people reinstall their Linux?