- The new ‘Cats’ trailer is here to make you want to claw your eyes out Thursday 7:59 PM
- Bella Thorne claims Tana Mongeau ‘broke girl code’ in a series of messy tweets Thursday 7:00 PM
- Redditors keep this data engineer’s plants alive for him Thursday 5:20 PM
- Professor writes article defending ‘Asian romantic preference’—and no one is here for it Thursday 4:57 PM
- Ditch Pornhub and support adult content creators instead Thursday 4:46 PM
- Fans grieve Kyoto Animation Studio fire with #PrayforKyoAni Thursday 4:18 PM
- Netflix’s ‘Secret Obsession’ isn’t just terrible—it’s boring as hell Thursday 3:30 PM
- Instagram expands experiment of hiding likes to 6 more countries Thursday 3:20 PM
- Man asks woman to stop speaking Spanish on a plane—and bystanders start speaking Spanish Thursday 12:55 PM
- Schumer calls on FBI, FTC to investigate FaceApp Thursday 12:41 PM
- Netflix loses subscribers—but hopes some tentpole shows can save it Thursday 12:10 PM
- Man utterly roasted for saying women can’t ask for equality in revealing clothing Thursday 12:07 PM
- Instagram struggles to remove photos of Bianca Devins’ dead body Thursday 11:14 AM
- ‘Storm Area 51’ creator says its gotten so big he’s worried about the FBI Thursday 10:49 AM
- Everyone loves Q baby, the baby who apparently supports QAnon Thursday 9:53 AM
Data protection company Code Spaces shutters after hackers destroy data
Let this be a lesson: Back up everything.
Code Spaces, a source code hosting service that offers its users a suite of project management tools, has closed permanently after a devastating hack totally wiped vast swathes of vital data.
The 7-year-old company’s website now appears to be offline, but the company issued a statement after the hack became known, a cached version of which is available here. “On Tuesday the 17th of June 2014 we received a well orchestrated DDOS against our servers,” the statement reads; “On this occasion… the DDOS was just the start.
“An unauthorised person who at this point who is still unknown… had gained access to our Amazon EC2 control panel and had left a number of messages for us to contact them… Reaching out to the address started a chain of events that revolved arount [sic] the person trying to extort a large fee in order to resolve the DDOS.”
The Code Spaces team began to investigate and attempted to retake control of their control panel—at which point “upon seeing us make the attempted recovery of the account [the hacker] proceeded to randomly delete artifacts from the panel. We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances.
“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”
So catastrophic are the actions of the as-yet unknown hacker—”all we can say is that we have no reason to think it’s anyone who is or was employed with Code Spaces”—that the company has been forced to make the decision to close permanently.
“The cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for,” the company’s statement reads, “will put Code Spaces in a irreversible position both financially and in terms of on going credibility.”
Code Spaces had previously promised to be able to protect user data from such attacks, offering “full redundancy” and describing how they “have invested a great deal of time and effort in developing a real-time backup solution that allows us to keep off-site, fully functional backups of your data.”
“Backing up data is one thing, but it is meaningless without a recovery plan, not only that a recovery plan – and one that is well-practiced and proven to work time and time again,” a cached version of their website reads. “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”
Code Spaces’ data was hosted by Amazon Web Services (AWS), which offers a wide range of “multi-factor authentication” security measures. It’s unclear at this time which measures Code Spaces were employing, and how the hacker was able to circumvent them.
Security expert Rob Ayoub told CSO Online that whilst the details of the case are still not fully known, he “hope[s] that Amazon might offer some forensics help, because I feel ultimately there is a shared responsibility for security between Amazon and its customers.”
Company representatives on Twitter have admitted that they had not implemented two-stage authentication, and they believe a compromised username and password was how the hacker gained initial access to their AWS control panel.
@chrismckee No this was our mistake, i can only assume our login and password was comprimised
— CodeSpaces (@CodeSpaces) June 18, 2014
The company has remained active on social media, fielding questions from the public. A “full detailed report” will, they promise, be released soon.
@dotcommike our priority right now is supporting our customers, but a full detailed report will be published soon
— CodeSpaces (@CodeSpaces) June 18, 2014
Photo via The National Archive (U.K.) / Wikimedia Commons (CC 3.0)
Rob Price is a technology and politics reporter who served as the U.K.-based morning editor for the Daily Dot until 2014. He now works as the news editor for Business Insider, and his work has appeared in Vice, Slate, the Washington Post, and the Independent.