- ‘Shrill’ season 2 expands its world and point of view 6 Years Ago
- Trans/Sex: Let trans art be messy, weird, and uncomfortable Today 6:00 AM
- Pediatrician gets death threats after pro-vaccine TikTok video Monday 9:37 PM
- This Australia-themed dildo is raising money to fight the bushfires Monday 8:26 PM
- Influencers say they’ve received unwanted sexual solicitations worth thousands Monday 7:39 PM
- Pregnant woman masterfully trolls gender-obsessed relative Monday 3:05 PM
- HBO’s ‘Curb Your Enthusiasm’ returns from a 2-year break with brand new ways to make you cringe Monday 3:00 PM
- Far-right accused of impersonating antifa online to encourage violence at Richmond rally Monday 1:59 PM
- Second Amendment protesters defend gun rights with truly terrible signs Monday 12:52 PM
- David Lynch surprises fans by dropping Netflix short out of the blue Monday 12:29 PM
- Poop-focused parody of Kent State Gun Girl sparks conservative ire Monday 11:58 AM
- 6-year-old raises $250K for Australian bushfires by making clay koalas Monday 11:31 AM
- What you need to know about Clearview AI and its facial recognition app Monday 10:36 AM
- Apple TV+ gets its first SAG Award while Netflix and Amazon nab 2 each Monday 10:07 AM
- Facebook apologizes for translating Chinese president’s name to ‘Mr. Sh*thole’ Monday 9:45 AM
Data protection company Code Spaces shutters after hackers destroy data
Let this be a lesson: Back up everything.
Code Spaces, a source code hosting service that offers its users a suite of project management tools, has closed permanently after a devastating hack totally wiped vast swathes of vital data.
The 7-year-old company’s website now appears to be offline, but the company issued a statement after the hack became known, a cached version of which is available here. “On Tuesday the 17th of June 2014 we received a well orchestrated DDOS against our servers,” the statement reads; “On this occasion… the DDOS was just the start.
“An unauthorised person who at this point who is still unknown… had gained access to our Amazon EC2 control panel and had left a number of messages for us to contact them… Reaching out to the address started a chain of events that revolved arount [sic] the person trying to extort a large fee in order to resolve the DDOS.”
The Code Spaces team began to investigate and attempted to retake control of their control panel—at which point “upon seeing us make the attempted recovery of the account [the hacker] proceeded to randomly delete artifacts from the panel. We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances.
“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”
So catastrophic are the actions of the as-yet unknown hacker—”all we can say is that we have no reason to think it’s anyone who is or was employed with Code Spaces”—that the company has been forced to make the decision to close permanently.
“The cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for,” the company’s statement reads, “will put Code Spaces in a irreversible position both financially and in terms of on going credibility.”
Code Spaces had previously promised to be able to protect user data from such attacks, offering “full redundancy” and describing how they “have invested a great deal of time and effort in developing a real-time backup solution that allows us to keep off-site, fully functional backups of your data.”
“Backing up data is one thing, but it is meaningless without a recovery plan, not only that a recovery plan – and one that is well-practiced and proven to work time and time again,” a cached version of their website reads. “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”
Code Spaces’ data was hosted by Amazon Web Services (AWS), which offers a wide range of “multi-factor authentication” security measures. It’s unclear at this time which measures Code Spaces were employing, and how the hacker was able to circumvent them.
Security expert Rob Ayoub told CSO Online that whilst the details of the case are still not fully known, he “hope[s] that Amazon might offer some forensics help, because I feel ultimately there is a shared responsibility for security between Amazon and its customers.”
Company representatives on Twitter have admitted that they had not implemented two-stage authentication, and they believe a compromised username and password was how the hacker gained initial access to their AWS control panel.
@chrismckee No this was our mistake, i can only assume our login and password was comprimised
— CodeSpaces (@CodeSpaces) June 18, 2014
The company has remained active on social media, fielding questions from the public. A “full detailed report” will, they promise, be released soon.
@dotcommike our priority right now is supporting our customers, but a full detailed report will be published soon
— CodeSpaces (@CodeSpaces) June 18, 2014
Photo via The National Archive (U.K.) / Wikimedia Commons (CC 3.0)
Rob Price is a technology and politics reporter who served as the U.K.-based morning editor for the Daily Dot until 2014. He now works as the news editor for Business Insider, and his work has appeared in Vice, Slate, the Washington Post, and the Independent.