As suspected, hackers broke into Rackspace’s customer database during the ransomware assault last month.
Rackspace initially revealed the assault on December 6, and the web giant was forced to take down its hosted email service after the attack affected the company’s hosted Exchange email environment. Rackspace at the time said it didn’t know “what, if any, data was compromised.”
This past Friday, Rackspace announced an update to its incident response plan in which the company acknowledged that hackers had gotten access to the private information of 27 customers. Rackspace says the hackers gained access to PST files, which are used to keep copies of emails, calendar events, and contacts from Exchange accounts and email inboxes.
About 30,000 of Rackspace’s customers were using the hosted Exchange service at the time of the ransomware outbreak. Rackspace has decided to end the service.
Rackspace said, “We have already communicated our findings to these customers proactively, and importantly, according to Crowdstrike, there is no evidence that the threat actor actually viewed, obtained, misused, or disseminated any of the 27 Hosted Exchange customers’ emails or data in the PSTs in any way.” Customers who have not been contacted by the firm may “rest confident” that their information was not compromised.
Rackspace has identified the Play ransomware organisation as the source of the intrusion. Attacks on the Belgian port city of Antwerp and the H-Hotels hospitality business have also recently been attributed to the group. To date, there has been no indication that Rackspace has paid the ransom or that the stolen data has been posted on the leak site.
According to the latest incident report update, Play threat actors compromised Rackspace’s networks by exploiting CVE-2022-41080, a zero-day issue that Microsoft addressed in November and which has been tied to past ransomware attacks.