Earlier this month, Rackspace suffered a ransomware attack on its Hosted Exchange service. The company brought in CrowdStrike and the intrusion was limited to that service only, according to RS.
The Hosted Exchange service was a legacy product that accounted for a tiny amount of revenue (less than 1%, according to RS). In 2022, most people who want to use Outlook are on Microsoft’s Office 365. But it’s not surprising that some customers who’ve been hosting with Rackspace since before O365 existed haven’t quite got around to moving yet.
I’m sure they’ve moved now.
According to one of the suits, Rackspace’s was slow to respond to and communicate about the outage:
“That Rackspace offered opaque updates for days, then admitted to a ransomware event without further customer assistance is outrageous,” says Scott Cole, the principal attorney on the case. “Despite hundreds of data breaches every year in this country, I am receiving reports of vulnerabilities in Rackspace’s hosting environment that go back over a year. That, and a seeming lack of backup protocols is why a lawsuit like this is critical.”
At least three class-action suits have been filed.
Related Posts:
Whatever Happened About that Provider Who Claimed a Virtualizor Bug Caused a Breach?
Nyr's Legendary Road Warrior Script: Still the Rock Solid Go-To for Easy VPN!
Provider Claims Virtualizor WHMCS Plugin Vulnerability Caused Breach. Virtualizor Doesn't Agree.
If Your Biometric Data is Stolen, Should You Care? Probably Not.
Knock, Knock: How to Shield Your VPS From Port Scanning with Port Knocking
So How Exactly Do You Learn About Security Issues on Your VPS?
Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.
As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.
Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.
His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.
You can find him daily in the forums at LowEndTalk under the handle @raindog308.
Whenever I come to this forum, I learn a lot. I wait for new posts from you. Thanks for sharing.
This is a concerning development—lawsuits like these raise serious questions about accountability, transparency, and risk management. It will be interesting to see how the Rackspace cases unfold and what lessons businesses can take away around security, contracts, and preparedness moving forward.