Hacker News new | past | comments | ask | show | jobs | submit login
Cloud 66 Security Compromise
64 points by akh on May 10, 2013 | hide | past | favorite | 11 comments
Cloud 66 Team hello@cloud66.com via mail123.us2.mcsv.net


We have just identified a malicious activity on Cloud 66.

To protect your servers change your API keys and enable termination protection on AWS accounts you have.

We strongly recommend changing all cloud keys.

We have shut down the site and will keep you posted.

DigitalOcean locked all Cloud 66 API accounts on their side a few days ago. There's more information about it on the second post here — http://digitaloceanstatus.com/

Essentially it looks like somebody on Cloud 66s side found a way to remotely destroy hundreds of instances.

Looks like there was a security incident 2 days ago and now they believe that the problem is a data leak and not poor application security: http://blog.cloud66.com/

Indeed. This was the e-mail they sent out:


Today we had a major service incident on our site. As a result of this incident some of our customers lost their virtual servers.

We are still investigating the cause of the issue and our service will be shut down until the investigation is over.

# Here is what we know #

- There hasn't been any signs of security breach or abnormal activity anywhere on our systems.

- All sensitive information is encrypted throughout the system, including cloud API keys.

- The affected stacks were across Digital Ocean, AWS and Rackspace.

# Here is what we are doing #

- We are working hard to find the root of the issue, but we need to keep the systems shut down until we are sure our customers are not exposed.

# Here is what you can do to restore your service #

- If you are not affected by this issue, you will not be able to redeploy until the service is restored. We will keep you posted.

- If you are affected by this issue, we can help you with your latest deployment Git SHA (if you don't have it), redirecting your traffic from our DNS.

- If you are affected and were running on Digital Ocean, they might be able to restore your server from an automatic pre-destroy snapshot they take.

We are very sorry about this and understand the disruption it has caused to all of our users, we are working hard to restore the service as soon as possible.

Thank gods I used a separate AWS key for this. I wasn't even sure I had.

Let that be a lesson.

Ugh. They shut down their chat room, as well.

So, absolutely zero information coming from Cloud66. Time to find a new provider.

> We have shut down the site and will keep you posted.

Yeah... that's an odd reaction.

Why? They're investigating the issue, what would you do in their situation?

Put up an info page.

does anyone know what cloud66 does/did? i can't find anything descriptive on the internet that isn't shut down.

They provided a service that would shell into your servers and install the software needed to run your app for you. It was meant to take the burden of writing chef/puppet scripts to build and scale your app environment

It's basically a host-agnostic service that allows you to deploy to all kinds of hosts from a repo, if that makes any sense. One of the main appeals are simplicity and not being married to one single PaaS.

Here's the original announcement that explains it quite well: https://news.ycombinator.com/item?id=5213862.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact