The hackers who attacked Rackspace in December 2022 managed to gain access to the personal data of about twenty customers, the company confirmed after forensic analysis of the incident.
Fortunately, there is no evidence that the data obtained during the attack was misused, he added.
Last December ransomware (opens in a new tab) operators using a variant of the Play malware attacked Rackspace by removing the hosted Microsoft Exchange environment.
Migrating to Microsoft 365
Initially, the company reported a “major outage” in its Hosted Exchange environment, also adding that the issue was “isolated to part of our Hosted Exchange platform.” The issues manifested as “connectivity and login issues” and took most of the weekend to resolve.
After services were restored, Rackspace hired cybersecurity experts Crowdstrike to conduct a forensic analysis which showed that the attackers gained access to some customer PST (Personal Storage Table) files where information such as e-mails is stored -mail, calendar data, contacts and tasks.
In total, 27 customers’ data were accessed:
“Of the nearly 30,000 customers using the Hosted Exchange email environment at the time of the attack, forensic investigation revealed that the attacker accessed the personal storage table (PST) of 27 Hosted Exchange customers,” the Rackspace incident report reads.
“We have already communicated our findings to these customers proactively and importantly, according to Crowdstrike, there is no evidence that a cybercriminal actually viewed, acquired, abused or disseminated any of the 27 emails or Hosted Exchange customer data in PST files in any way “.
“Customers who have not been contacted directly by the Rackspace team can rest assured that a cybercriminal has not accessed their PST data.”
In the future, Rackspace will stop operating in a Hosted Exchange environment and move customers to Microsoft 365. Apparently, that was the plan, even before the incident.
“Finally, the Hosted Exchange email environment will not be rebuilt as a forward-looking service offering,” said Rackspace.
“Before the recent security incident, the migration of our Hosted Exchange email environment was planned to Microsoft 365, which has a more flexible pricing model as well as more modern features.”
Through: Beeping Computer (opens in a new tab)