Ask HN: Rackspace email addresses hacked?

2 points by ScottWhigham ↗ HN
We received an email this morning - anyone else? Just enough information to scare the snot out of you but not enough for you to make intelligent decisions.

====================

Urgent Information Regarding Passwords for Accounts You Administer

Dear Rackspace Customer,

We have recently corrected a potential vulnerability that may have allowed external access to some of your end-user's credentials. To be safe, we have initiated a process to reset the passwords for some of your users' mailboxes. If any of your users cannot access their mailbox, please log in to your Admin Control Panel to change the password and to allow access to your user once again. Please note that your admin credentials were not at risk.

We apologize for the inconvenience this causes you and/or your end users. As with any potential security threat, it is recommended that you monitor your account(s) for any unusual activity and recommended that you use strong and unique passwords.

====================

3 comments

[ 6.2 ms ] story [ 23.3 ms ] thread
Whats does the header of the E-Mail look like?
On the off chance you aren't trolling, I know 100% it's from RS.
Just got off the phone with RS and what happened was that, during a migration, there was "concern" that "the CSV file that contains the encrypted passwords for about 8% of mailboxes" was "not as secure as our standards dictate it should be." I was told they have no evidence of a hack or of access to the file but that they did a manual scramble of those 8% of email account passwords "just to be sure".