Code Spaces, a code-hosting and software collaboration platform used by organizations for project management and development, was forced to shut down after an attacker compromised its internal systems and deleted its customers’ data and backups.
This is a nightmare for the code-hosting company based in Coventry, UK, which claimed to offer "Rock Solid, Secure and Affordable Svn Hosting, Git Hosting and Project Management." The Codespaces.com homepage now shows a lengthy explanation of the attack and an apology to its customers.
“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” read the note. “As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”
The devastating security breach began on 17 June with a Distributed Denial of Service (DDoS) attack over a period of 12 hours, followed by an attempt to extort money from the company.
The attacker had also gained unauthorized access to the company's Amazon Web Services (AWS) Elastic Compute Cloud (EC2) control panel and left extortion demands for company officials, along with a Hotmail address they were supposed to use to contact the attackers.
"Reaching out to the [email] address started a chain of events that revolved around the person trying to extort a large fee in order to resolve the DDoS," the company said on its homepage.
“Upon realization that somebody had access to our control panel, we started to investigate how access had been gained and what access that person had to the data in our systems,” Code Spaces said. “It became clear that so far no machine access had been achieved due to the intruder not having our private keys.”
The company changed its EC2 passwords, but once the hackers noticed the system admins' attempts to regain control of the system, they started deleting all the company's data, backups, machine configurations and off-site backups from the panel, leaving the company’s website unable to operate.
“We finally managed to get our panel access back, but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances,” Code Spaces said. “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”
The code-hosting website said it is now working to recover whatever data may be left so that customers can regain access to their files and migrate the remaining data to other services. All Git repositories and some SVN nodes are available for export, although their backups and snapshots have been completely deleted.
Most of Code Spaces' Apache Subversion repositories, all Elastic Block Store (EBS)-hosted database files and all virtual machines have also been erased, along with their backups and snapshots.
"Backing up data is one thing, but it is meaningless without a recovery plan, not only that [but also] a recovery plan—and one that is well-practiced and proven to work time and time again," the cache stated. "Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced."
After ransomware such as CryptoLocker and CryptoWall, DDoS attacks have now become a new trend among cybercriminals, who use them to extort large sums from big, reputable companies.
A few days ago, the popular RSS feed service Feedly and the note-taking and archiving site Evernote also faced the same kind of attack and were briefly forced by the hackers to pay a ransom; luckily, both companies soon recovered from the attack. Code Spaces wasn’t so lucky. This is a truly frightening incident in the company’s life.