I have said it before: I have a hard time trusting Linode after the major March 2012 security incident (HN thread: <a href="https://news.ycombinator.com/item?id=3654110" rel="nofollow">https://news.ycombinator.com/item?id=3654110</a> ; my comment: <a href="https://news.ycombinator.com/item?id=5339799" rel="nofollow">https://news.ycombinator.com/item?id=5339799</a>)<p>At the time they did not give much information. They did not do a follow up. They did not discuss plans to prevent the same type of breach. I am not surprised that today, they got breached again! <i>sigh</i><p>And again, they are making the same mistakes. They are not giving much information. They are not going to do a follow up. Etc.
so every time someone tries to make unauthorized attempts to access a single customer's account.. <i>all</i> customers are to be required to reset their passwords?
The Visa I was using for billing with Linode had an authorized "test charge" earlier this week, and I had the card number replaced. Now I see this, and it makes me wonder.
On one hand, I love Linode. It's a sweet Linux box in the cloud.<p>On the other hand, I have a hard time using it for anything sensitive. Quotes like "We have implemented all appropriate measures to provide the maximum amount of protection to our customers." somehow don't reassure me.
I wonder if this is another attempt at hacking an account containing bitcoins? Last time the thieves made out with close to 50k BTC if I recall correctly.
This incident has got me seriously thinking about switching VPS providers. Does anyone know of a VPS provider that offers two-factor authentication for its management interface?
It's good that Linode is taking security seriously, but the pessimist in me wonders; if all it takes to get a password reset site-wide is an attack on a single user, wouldn't that open up a whole new, rather aggravating attack aimed solely at making users fed up with having their password reset all the time?