

Cloud 66 Security Compromise - akh

Cloud 66 Team hello@cloud66.com via mail123.us2.mcsv.net

URGENT:

We have just identified a malicious activity on Cloud 66.

To protect your servers change your API keys and enable termination protection on AWS accounts you have.

We strongly recommend changing all cloud keys.

We have shut down the site and will keep you posted.
======
nwh
DigitalOcean locked all Cloud 66 API accounts on their side a few days ago.
There's more information about it on the second post here —
<http://digitaloceanstatus.com/>

Essentially it looks like somebody on Cloud 66's side found a way to remotely
destroy hundreds of instances.

------
citricsquid
Looks like there was a security incident 2 days ago and now they believe that
the problem is a data leak and not poor application security:
<http://blog.cloud66.com/>

~~~
kmfrk
Indeed. This was the e-mail they sent out:

---

Today we had a major service incident on our site. As a result of this
incident some of our customers lost their virtual servers.

We are still investigating the cause of the issue and our service will be shut
down until the investigation is over.

# Here is what we know #

- There haven't been any signs of security breach or abnormal activity
anywhere on our systems.

- All sensitive information is encrypted throughout the system, including
cloud API keys.

- The affected stacks were across Digital Ocean, AWS and Rackspace.

# Here is what we are doing #

- We are working hard to find the root of the issue, but we need to keep the
systems shut down until we are sure our customers are not exposed.

# Here is what you can do to restore your service #

- If you are not affected by this issue, you will not be able to redeploy
until the service is restored. We will keep you posted.

- If you are affected by this issue, we can help you with your latest
deployment Git SHA (if you don't have it), redirecting your traffic from our
DNS.

- If you are affected and were running on Digital Ocean, they might be able
to restore your server from an automatic pre-destroy snapshot they take.

We are very sorry about this and understand the disruption it has caused to
all of our users, we are working hard to restore the service as soon as
possible.

------
kmfrk
Thank gods I used a separate AWS key for this. I wasn't even sure I had.

Let that be a lesson.

------
cobrabyte
Ugh. They shut down their chat room, as well.

So, absolutely zero information coming from Cloud66. Time to find a new
provider.

------
nodata
> We have shut down the site and will keep you posted.

Yeah... that's an odd reaction.

~~~
speeq
Why? They're investigating the issue, what would you do in their situation?

~~~
nodata
Put up an info page.

------
beachstartup
does anyone know what cloud66 does/did? i can't find anything descriptive on
the internet that isn't shut down.

~~~
rrouse
They provided a service that would shell into your servers and install the
software needed to run your app for you. It was meant to take the burden of
writing chef/puppet scripts to build and scale your app environment.

