Following a thorough investigation, Rackspace has established that the cybercriminals who targeted the business in December 2022 had access to the personal information of almost two dozen customers.

Fortunately, it also said that there was no indication that any of the information stolen during the hack had been misused.

Rackspace’s hosted Microsoft Exchange environment was attacked by ransomware operators using the Play malware strain in December of last year.

Adjusting to Microsoft 365

The firm first reported a “major failure” in its Hosted exchange environment, adding that the issue was “limited to a piece of our Hosted Exchange platform.” These problems, which expressed themselves as “connectivity and login difficulties,” necessitated spending the most of the weekend fixing them.

After resuming service, Rackspace enlisted the help of cybersecurity firm Crowdstrike to conduct a forensic investigation, which revealed that the intruders had gained access to the Personal Storage Table (PST) files of some of the company’s customers. These PST files contained sensitive information such as customers’ emails, calendar entries, contacts, and tasks.

To far, 27 consumers have had their information accessed:

According to the Rackspace incident report, “the forensic analysis indicated the threat actor accessed a Personal Storage Table (‘PST’) of 27 Hosted Exchange customers.” This is out of the almost 30,000 customers using the Hosted Exchange email environment at the time of the assault.

There is no indication that any of the 27 Hosted Exchange customers’ emails or data in the PSTs were seen, acquired, abused, or spread, as stated by Crowdstrike, and we have already proactively disclosed our findings to these customers.

“Customers who were not notified immediately by the Rackspace team may be confident that their PST data was not accessed by the threat actor.”

Rackspace has decided to phase down its Hosted Exchange service in favour of Microsoft 365. Apparently, it was always the plan, even before the tragedy.

Rackspace has said that they will not be re-creating the Hosted Exchange email infrastructure as a future service offering.

“Even before to the current security problem, the Hosted Exchange email infrastructure had already been planned for migration to Microsoft365, which offers a more flexible price strategy, as well as more contemporary features and capability.”