Rackspace confirms customer data was hit in ransomware attack

Multiple customers had their data accessed, Rackspace says

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The hackers that attacked Rackspace in December 2022 did manage to access personally identifiable information on roughly two dozen customers, the company has confirmed following the forensic analysis of the event.

Fortunately, there is no evidence that the data obtained during the attack was abused, it added.

In December last year,ransomwareoperators using the Play malware variant targeted Rackspace, taking down its hostedMicrosoftExchange environment.

Migrating to Microsoft 365

Initially, the company reported of a “significant failure” in its Hosted exchange environment, also adding that the problem was “isolated to a portion of our Hosted Exchange platform”. The issues manifested themselves as “connectivity and login issues”, and took most of the weekend to address.

After restoring its services, Rackspace employed cybersecurity experts Crowdstrike to lead the forensic analysis, which determined that the attackers accessed some of its customers’ Personal Storage Table (PST) files, holding information such as emails, calendar data, contacts, and tasks.

In total, 27 customers have had their data accessed:

“Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table (‘PST’) of 27 Hosted Exchange customers,” a Rackspace incident report read.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“We have already communicated our findings to these customers proactively, and importantly, according to Crowdstrike, there is no evidence that the threat actor actually viewed, obtained, misused, or disseminated any of the 27 Hosted Exchange customers' emails or data in the PSTs in any way.”

“Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor.”

Rackspace confirms “security incident” across some of its servers>Rackspace customers are still being affected by Microsoft Exchange issue>These are the best malware protection solutions today

Going forward, Rackspace will be discontinuing its Hosted Exchange environment and migrating customers to Microsoft 365. Apparently, that was always the plan, even before the incident.

“Finally, the Hosted Exchange email environment will not be rebuilt as a go-forward service offering,” Rackspace said.

“Even prior to the recent security incident, the Hosted Exchange email environment had already been planned for migration to Microsoft 365, which has a more flexible pricing model, as well as more modern features and functionality.”

Via:BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption