Rackspace confirms customer data was hit in ransomware attack

Conceptual art of a computer system being hacked.
Due hacker ci hanno mostrato quanto sia semplice attaccare le infrastrutture critiche (Image credit: Getty Images)

The hackers that attacked Rackspace in December 2022 did manage to access personally identifiable information on roughly two dozen customers, the company has confirmed following the forensic analysis of the event. 

Fortunately, there is no evidence that the data obtained during the attack was abused, it added.

In December last year, ransomware operators using the Play malware variant targeted Rackspace, taking down its hosted Microsoft Exchange environment. 

Migrating to Microsoft 365

Initially, the company reported of a “significant failure” in its Hosted exchange environment, also adding that the problem was “isolated to a portion of our Hosted Exchange platform”. The issues manifested themselves as “connectivity and login issues”, and took most of the weekend to address.

After restoring its services, Rackspace employed cybersecurity experts Crowdstrike to lead the forensic analysis, which determined that the attackers accessed some of its customers’ Personal Storage Table (PST) files, holding information such as emails, calendar data, contacts, and tasks. 

In total, 27 customers have had their data accessed:

"Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined the threat actor accessed a Personal Storage Table ('PST') of 27 Hosted Exchange customers," a Rackspace incident report read.

"We have already communicated our findings to these customers proactively, and importantly, according to Crowdstrike, there is no evidence that the threat actor actually viewed, obtained, misused, or disseminated any of the 27 Hosted Exchange customers' emails or data in the PSTs in any way."

"Customers who were not contacted directly by the Rackspace team can be assured that their PST data was not accessed by the threat actor."

Going forward, Rackspace will be discontinuing its Hosted Exchange environment and migrating customers to Microsoft 365. Apparently, that was always the plan, even before the incident.

"Finally, the Hosted Exchange email environment will not be rebuilt as a go-forward service offering," Rackspace said.

"Even prior to the recent security incident, the Hosted Exchange email environment had already been planned for migration to Microsoft 365, which has a more flexible pricing model, as well as more modern features and functionality."

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.