I’m seeing mixed information online that Linode may have been hacked. The biggest collection of comments seems to be on the hacker news post. There are quite a few there saying they got new credit cards recently or have had suspicious charges.
I got a letter from my bank last early last month telling me I’d have a new card by March 25th. I got a new credit card by that date as well as a separate mailing for a PIN reset. The mailing from my bank did not mention which merchant triggered the card replacement.
I didn’t get the email from Linode until after I had a new card, which leads me to wonder if they’re related or merely a poorly timed coincidence. This post leads me to believe that it happened only 2 weeks ago, which is funny because I actually updated my Linode account to the new card a few days after the 1st. If it did in fact happen 2 weeks ago they would have had my old credit card number that was on file and already canceled by my bank.
Since Linode seems to be short on details at the moment I was hoping to aggregate some info regarding who’s a customer and was sent new cards from their bank recently. I haven’t noticed anything suspicious on my statements like some others noted.
Unfortunately there’s not a lot of clarity on what’s going on and Linode has been quiet since their email on Friday. I’d venture to say it’s a mix of truth and lies at this point.
This comment highlights the fact of how incompetent Linode staff would have to be. To me it’s a bit far fetched.
These guys are looking totally incompetent at this point.
If you believe this Ryan guy, credit cards stored on the same server as the key to decrypt them, Lish passwords stored in plain text, they’ve known for some time and lied about what actually happened and now they’re saying “we won’t do anything about it” via email?
“You are of course free to take any steps you deem prudent or necessary to ensure the integrity of your online presence.”
Edit: not to mention they “made a deal” with the hacker not to tell anyone? What the hell?