An attacker deletes almost all customer project data after a botched blackmail attempt
Code hosting and collaborative development service Code Spaces is ceasing operations after an unidentified attacker erased almost all of its customer data, together with backups.
The incident started with a Distributed Denial of Service (DDoS) attack on Tuesday, which diverted the attention from the fact that the hacker gained access to Code Spaces’ Amazon EC2 control panel. Once in charge, they blackmailed the company, demanding “a large fee”.
When the administrators attempted to wrestle the control back, the attacker started deleting customer data at random, until almost nothing was left.
“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” states the post on the Code Spaces homepage.
“As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”
Pain and suffering
Code Spaces is operated by AbleBots from New Jersey, US. On Tuesday, as it was suffering from a DDoS attack, the company received a number of messages from the hacker who had logged into its cloud control panel.
The messages asked for a ransom, the amount of which Code Spaces did not specify, and included an email address for future contact.
Rather than pay up, the administrators decided to investigate the issue and attempt to secure the cloud infrastructure. Unfortunately, the attacker had already created a number of backup logins and when the team tried to recover the accounts, started erasing parts of the system.
“We finally managed to get our panel access back but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances,” said the statement.
“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”
It’s not clear just how the hacker managed to obtain log-in credentials, but Code Spaces is convinced that its Private Keys were not compromised. The company added that it has no reason to think that the attack was carried out by any current or former employee.
In the coming weeks, AbleBots will focus on supporting the affected customers in exporting any remaining data they have left on the system.
“All that we can say at this point is how sorry we are to both our customers and to the people who make a living at Code Spaces for the chain of events that lead us here,” concludes the statement.
Code Spaces previously claimed that it operates a well-practiced and proven data recovery plan that involves data centres on three continents.
How well do you know network security? Try our quiz and find out!