Code Spaces had to be closed after a prolonged 12-hour massive Distributed Denial of Service (DDoS) attack and extortion attempt. Code Spaces has put up a notice stating that “We are experiencing massive demand on our support capacity, we are going to get to everyone it will just take time” on its site.
The post put up on the blog seems to suggest that some unauthorized person gained access to Code Spaces’ Amazon EC2 control panel and asked to be contacted by the company. When Code Spaces contact the person fearing breach of its control panel, the hacker requested a large sum of money to restore the site. While the company was communicating with the hacker, it tried to gain control of the control panel. However the hacker smelled a rat and started deleting crucial backup files.
“Most of our data, backups, machine configurations and offsite backups were either partially or completely deleted,” the company said. “All that we can say at this point is how sorry we are to both our customers and to the people who make a living at Code Spaces for the chain of events that lead us here.”
We are expecting a full report from Code Spaces once it sorts out its security issues. However those readers who have stored data on the site can email email@example.com with an account URL, and if you’re lucky, some remaining files will be returned to you. It is also not known whether the hacker only deleted files or downloaded the user files with financial and personal information.
“All that we have to say at this point is how sorry we are to both customers and to the people who make a living at Code Spaces for the chain of events that lead us here,” the company said.
The event is the latest in a series of security breaches that have happened in June 2014. Feedly, the RSS service provider was brought down for two day by a similar DDoS attack and later Evernote was similarly assaulted and went offline for couple of hours. Similarly, Ancestry.com just recovered today from a prolonged three day DDoS attack, in which unknown attackers overloaded the site with traffic and crashed. Ancestry.com said in a post that no user information was compromised.