

Ask HN: Rackspace email addresses hacked? - ScottWhigham

We received an email this morning - anyone else? Just enough information to scare the snot out of you but not enough for you to make intelligent decisions.<p>====================<p>Urgent Information Regarding Passwords for Accounts You Administer<p>Dear Rackspace Customer,<p>We have recently corrected a potential vulnerability that may have allowed external access to some of your end-user&#x27;s credentials. To be safe, we have initiated a process to reset the passwords for some of your users&#x27; mailboxes.  If any of your users cannot access their mailbox, please log in to your Admin Control Panel to change the password and to allow access to your user once again. Please note that your admin credentials were not at risk.<p>We apologize for the inconvenience this causes you and&#x2F;or your end users. As with any potential security threat, it is recommended that you monitor your account(s) for any unusual activity and recommended that you use strong and unique passwords.<p>====================
======
ScottWhigham
Just got off the phone with RS and what happened was that, during a migration,
there was "concern" that "the CSV file that contains the encrypted passwords
for about 8% of mailboxes" was "not as secure as our standards dictate it
should be." I was told they have no evidence of a hack or of access to the
file but that they did a manual scramble of those 8% of email account
passwords "just to be sure".

------
b_ry
Whats does the header of the E-Mail look like?

~~~
ScottWhigham
On the off chance you aren't trolling, I know 100% it's from RS.

