720-891-1663

Alerts, Best Practices, Breach

Rackspace Hosted Exchange Still Offline Over ‘Security Issue’

Leave a comment

In the face of a security incident that Rackspace is being very opaque about, Rackspace’s stock is down 15% today. Rackspace is still not providing much information about what the hell is going on.

Thousands of Rackspace customers globally continue to deal with the outage, which Rackspace says is related to a security incident (whatever that means).

In case you are not familiar with Rackspace, they are not a mom and pop operation. The have more than a quarter million customers and that includes the majority of the world’s 100 largest publicly traded companies.

I mention their size because you might be saying that “We” don’t have to worry about this because our cloud provider is large. So is Rackspace.

For Rackspace users, the problem began on Thursday and Rackspace shut down their environment on Friday to try and contain the damage. This is now Monday night and still no email and no update.

On Monday Rackspace announced that it was providing all customers a (temporary) free Office 365 WEB license (think of this as Microsoft’s version of GMail).

HOWEVER, in order to use it, customers must forward their Rackspace email to a different email address in the Microsoft 365 cloud, one user at a time or alternatively, move completely away from Rackspace. Neither of these solutions will give them access to their already received emails unless they are stored locally in Outlook or a similar desktop email app.

I anticipate the lawsuits will be filed soon.

The migration process for users is complicated and one wrong move could cause a customer to lose all of their email forever. Users are waiting on hold to talk to Rackspace about the problem for hours.

One security expert hypothesizes that Rackspace had not installed all of the recent Exchange patches – and there are a lot of them – and that is the source of the compromise. No one outside of Rackspace really knows and Rackspace is not saying. The expert said that the Shodan search engine showed that at least some of their servers were running Exchange build numbers from August, which is before the most recent patches.

Why am I writing about this today?

Because no company should assume that their cloud provider is “too big to fail”. I am sure that many Rackspace customers thought that Rackspace would never fail. Clearly, that “hope” failed.

If your disaster recovery and business continuity plan does not address failures at your cloud service providers, it needs to. It does not matter if the providers are big or small. Last year French cloud service provider OVH (a very large Amazon Web Services competitor in Europe) had a fire in one of their data centers. The company’s CEO held a press conference while the building was still smoldering saying that he recommended that their customers activate their Disaster Recovery/Business Continuity plan. Meaning – your servers have melted and your data, including backups that the company made, is gone. Have a nice day.

If you are not prepared for this and you need help, please contact us.

Credit: Data Breach Today

Facebooktwitterredditlinkedinmailby feather

Leave a Reply

Your email address will not be published. Required fields are marked *

Copyright © 2024 CyberCecurity, All rights reserved. Privacy Policy