Linode resets all user passwords following an intrusion

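Linode, the well-known Xen VPS provider, has notified all users to change their passwords after detecting and blocking suspicious intrusion activity on the Linode network. The intrusion appears to have been a coordinated attack targeting one user's account.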

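Although the attack targeted a single user, Linode has determined its extent and impact and found no evidence that any other user's data was exposed, nor that payment information for any account was exposed. As a precaution, however, Linode has reset the passwords of all user accounts. All users will be asked to set a new password when they log in to the Linode Manager (the Linode VPS management console). Linode also recommends that all users change their LISH passwords and, ideally, regenerate their API keys as well.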


The full text of the notice sent by Linode follows:

Linode administrators have discovered and blocked suspicious activity on the Linode network.  This activity appears to have been a coordinated attempt to access the account of one of our customers.  This customer is aware of this activity and we have determined its extent and impact.  We have found no evidence that any Linode data of any other customer was accessed.  In addition, we have found no evidence that payment information of any customer was accessed.

We have been advised that law enforcement officials are aware of the intrusion into this customer’s systems. We have implemented all appropriate measures to provide the maximum amount of protection to our customers. Out of an abundance of caution, however, we have decided to implement a Linode Manager password reset. In so doing, we have immediately expired all current passwords. You will be prompted to create a new password the next time that you log into the Linode Manager. We also recommend changing your LISH passwords and, if applicable, regenerating your API key.

The following represent best practices in creating new passwords:

  • Avoid using simple passwords based on dictionary words
  • Never use the same password on multiple sites or services
  • Never click on ‘reset password’ requests in unsolicited emails – instead go directly to the service



