Hosting service provider Code Spaces had most of its data, backups, machine configurations and offsite backups either partially or completely disappear after an encounter with an unknown hacker. And as it scrambles to help customers retrieve their data, Code Spaces has already decided it cannot recover from this incident and will be going out of business, according to a message sent to customers and posted on its homepage.
Over the course of 12 hours starting Tuesday, Code Spaces was the target of a seemingly normal Distributed Denial of Service attack, which then escalated.
Also, an unauthorized person, who doesn’t appear to be a current or former Code Spaces employee, had gained access to its Amazon EC2 control panel. This individual left messages for Code Spaces and an email address at which to contact them in an attempt to extort a great deal of money to call off the attack.
Code Spaces tried changing the password to access the control panel, yet this was no use since the intruder had already created a number of backup logins to the panel. When Code Spaces attempted a recovery of the account, the intruder randomly deleted artifacts from the panel.
When Code Spaces regained control panel access, the intruder had removed all Amazon EBS snapshots, S3 buckets, all Amazon Machine Images, some EBS instances and several machine instances.
The company stated: “Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in a irreversible position both financially and in terms of on going credibility.”
This incident is a harsh lesson in the potential impact of a security breach and the importance of doing everything possible to prevent something like this from happening. The online security community has identified a few of Code Spaces’ missteps including having its regular off-site backups being accessible through the AWS control panel, and it could have used multi-factor authentication to secure the AWS account.