Re: [PLUG] Time Warner and Linode report possible password breaches

[Doug Stewart <zamoose@gmail.com>]

Based on what I've read, it's really bad. Looks like maybe a former employee either is directly responsible or perhaps sold off login credentials to malicious third parties who have been targeting the Linode Manager in particular with the DDoS to make it even harder for Linode customers to process their password resets.

We're looking to get any of our gear that's on Linode off.

HN thread, so take it with a grain of salt, but

https://news.ycombinator.com/item?id=10845170

On Thu, Jan 7, 2016 at 11:40 AM, Mike DePaulo <mikedep333@gmail.com> wrote:

Thanks,

On Thu, Jan 7, 2016 at 11:34 AM, Justin Reans <jreans@gmail.com> wrote:
> This article was just published today, and mentions Linode, which is asking
> users to update their Linode passwords ASAP. See links below.
>
> Original story:
> http://arstechnica.com/security/2016/01/time-warner-and-linode-report-possible-password-breaches/
>
> Linode response:
> https://linode.statuspage.io/incidents/ghdlhfnfngnh

They state "securely hashed passwords". However, they did not
explicitly state whether they are salted or what hashing algorithm is
used.

> "Effective immediately, Linode Manager passwords have been expired. You will
> be prompted to set a new password on your next login. We regret this
> inconvenience, however this is a necessary precaution."

-Mike
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

--

-Doug

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug