Linode VPS credit card information stolen

On April 12, Linode published a notice, quoted below:

Dear Linode customer,
Linode administrators have discovered and blocked suspicious activity on the Linode network.  This activity appears to have been a coordinated attempt to access the account of one of our customers.  This customer is aware of this activity and we have determined its extent and impact.  We have found no evidence that any Linode data of any other customer was accessed.  In addition, we have found no evidence that payment information of any customer was accessed.
We have been advised that law enforcement officials are aware of the intrusion into this customer’s systems. We have implemented all appropriate measures to provide the maximum amount of protection to our customers. Out of an abundance of caution, however, we have decided to implement a Linode Manager password reset. In so doing, we have immediately expired all current passwords. You will be prompted to create a new password the next time that you log into the Linode Manager. We also recommend changing your LISH passwords and, if applicable, regenerating your API key.
The following represent best practices in creating new passwords:
Avoid using simple passwords based on dictionary words
Never use the same password on multiple sites or services
Never click on ‘reset password’ requests in unsolicited emails – instead go directly to the service
We apologize for the inconvenience. If you have any questions, please do not hesitate to contact our support team at

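In short, the notice says that anomalous activity was found inside Linode's systems and that someone had tried to obtain some account information, but Linode also says it found no evidence that payment information or account information was stolen. Linode then reset the password and API key of every customer account, and the notice closes with some advice on preventing account theft.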

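Ironically, though, the hacker group HTP today claimed responsibility for the Linode intrusion and claimed to have obtained: encrypted credit card numbers, the last four digits of card numbers in plaintext, plaintext Lish passwords for some users, encrypted passwords for some users, and API keys. The card numbers were encrypted (a bit better than CSDN), but the group also released the public and private keys used for the encryption (reportedly the two were even stored together).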



