How about you guys cool it and stop organizing a lynching mob devoid of any real data? It's embarrassing. HN is supposed to be populated with lots of very smart, data-driven analytical folks. Yet, every time something like this happens out of the woodwork come people who would ran you and your children down in the event of an emergency rather than turn around, carefully evaluate the situation, and help you. Don't be a moron. Stop it. For all you know there's a serious law enforcement effort under way that prevents Linode from talking.
For the record, I am a Linode customer and just got a new server to migrate a couple of sites into. My plans have not been altered at all by this. I have no data to suggest I should.
I am a customer too, and I wield no torch or pitchfork, but I grow increasingly frustrated at the lack of response from Linode.
I understand your point about the idea that they may be unable to speak to the issue due to law enforcement efforts, but for the moment, acknowledgement would be satisfactory. I would be happy with, "We're aware of the rumors regarding the intrusion at Linode this past week. We are working with law enforcement and cannot comment on details at this time. However, we will provide a full postmortem once we are able to do so."
The problem is when the explanation never comes. It's OK if it's not this second, but tell us it's coming, and then follow through. Complete silence is frustrating.
>Thank you for your inquiry, and I certainly understand your concern. We are still conducting an active investigation and unable to disclose most information at this time. This being said, we do not yet have any evidence that any payment information of any customers have been compromised. We will be releasing further information regarding the incident soon, so please keep watch of our website and blog for said information. If you have any further questions, please feel free to ask.
That actually sounds pretty close to what you're asking for, although I have to say it didn't make me feel much better. It would be nice if they would make a public statement too.
I get it. It's just that these things keep getting exaggerated, twisted and blown out of proportion in the best Fox News, CNN, MSNBC, et al. style. It's sad to see it happen on HN, where things ought to be far more analytical and data (aka: facts) driven.
Before it was the widespread hacking that resulted in Bitcoins being stolen. And users were never told exactly what happened and what was done about it.
People have every right to expect the worse with a company with a track record as poor as Linodes.
I don't think that quite explains it. Someone who calls himself "ryan" on IRC makes unsubstantiated claims, and in response many dozens of people say loathsome, sneering things about the security practices of this company. The appearance of a mob emerges after a thread exists, it doesn't create the thread.
Reading through the IRC chat log it didn't look like he'd proved he had the CC numbers.
I mean, if I was a linode customer I'd definitely be on the phone to the bank, but this guy presented no evidence I'm aware of that he had the kind of access he claims.
For the record, I am a Linode customer and just got a new server to migrate a couple of sites into. My plans have not been altered at all by this. I have no data to suggest I should.