>
The hackers who attacked Rackspace in December 2022 managed to access personally identifiable information from about two dozen customers, the company has confirmed after forensic analysis of the event.
Fortunately, there is no evidence that the data obtained during the attack was misused, it added.
In December last year ransomware (opens in new tab) operators using the Play malware variant targeted Rackspace and disabled the hosted Microsoft Exchange environment.
Migrate to Microsoft 365
Initially, the company reported a “significant outage” in its Hosted Exchange environment, also adding that the issue was “isolated to part of our Hosted Exchange platform.” The problems manifested themselves as “connectivity and login issues”, and lasted most of the weekend.
After services were restored, Rackspace hired cybersecurity experts Crowdstrike to lead the forensic analysis, which revealed that the attackers had access to some customers’ Personal Storage Table (PST) files, containing information such as emails, calendar entries, contacts and tasks.
A total of 27 customers have been given access to their data:
“Of the nearly 30,000 customers on the Hosted Exchange email environment at the time of the attack, the forensic investigation determined that the threat actor accessed a Personal Storage Table (“PST”) of 27 Hosted Exchange customers,” according to an incident report from Rackspace.
“We have already proactively communicated our findings to these customers, and more importantly, according to Crowdstrike, there is no evidence that the threat actor actually accessed, obtained, misused or distributed the emails or data contained in the PSTs of the 27 Hosted Exchange customers . In each case.”
“Customers who have not been contacted directly by the Rackspace team can rest assured that their PST data has not been accessed by the threat actor.”
Going forward, Rackspace will retire its Hosted Exchange environment and migrate customers to Microsoft 365. Apparently that was the plan all along, even before the incident.
“Finally, the Hosted Exchange email environment will not be rebuilt as a cutting-edge service offering,” said Rackspace.
“Even before the recent security incident, the Hosted Exchange email environment was already planned for migration to Microsoft 365, which has a more flexible pricing model, as well as more modern features and functionality.”
Through: Beeping computer (opens in new tab)