This is what Linode employees along with the fine men and women from the Galloway police department had to deal with this afternoon – their SWAT team storming the Linode office, forcing everyone out for about an hour while they performed a sweep of the building room to room, complete with an explosives-sniffing dog (who was very happy). They had received a false report which provoked them to respond in this manner – and it’s their job, after all, to respond to reports, even if it turns out to be a hoax. They were great, and I thank them.
Not so coincidentally, about the same time we were made aware that an old personal server had a database accessed using old forum credentials obtained from the incident last year. This server is not under the umbrella of our security team because this server plays no role in Linode infrastructure. Unfortunately, it did have a restore of the phpBB forum database on it from 2010-03-03. Forum users that existed at that time and who haven’t changed their credentials since have had them revoked and will need to reset them. We regret that this happened and apologize for the oversight. We will be discussing new security policies to address scenarios like this.
On the subject of security, last year we stopped all other developments and focused on nothing but security for over six months. We did everything we could think of, from significantly reducing our Internet-facing footprint, to defining, testing, or improving practices and policies for going forward, to third-party penetration testing. We did this until we ran out of things to fix and ran out of ideas to pursue, and our security team continues to proactively assess our infrastructure and services. This was a monumental effort and a story that deserves to be told, but these efforts and their outcomes belong in a post of their own. Stay tuned.
We know how important transparency is and how we’ve needed to do a better job with it in the past, and well … this is the story.
As always, if you have any questions please feel free to contact us.
Christopher S. Aker
Linode founder & CEO
Filed under: announcements by caker