NetDNA, parent company of MAXCDN– provides content delivery services to websites – has been hacked. NetDNA has immediately taken needed security measures to block attackers and after that send emails to users about the hack. Upon initial investigation, NetDNA has found attackers will be able to access their user information like email address and contact information, some customer configuration information and Hashed Passwords and API keys.
To prevent this, NetDNA requesting users to change their passwords, update API credentials, strengthen API whitelist. MAXCDN support email about breach reads “Although passwords were encrypted (hashed and salted), we recommend that you change or reset passwords on other services where you may use similar passwords. We recommend you use a unique password on each service “.
At present all MAXCDN users passwords were expired, they need to create a new password for their account by logging onto MaxCDN control Panel with their login credentials. After that, link to change password will be emailed to email address registered while creating MaxCDN account.
You can read more important information about this below or fully on MaxCDN blog.
What Happened?
We use a combination of our own infrastructure and managed infrastructure provided by third party vendors. One of the third party vendors, who will be making an announcement in the coming days, had a security breach. The internal infrastructure of this provider stored certain access credentials to the IPMI module on some of our remote servers (used for remote access); this is where the intruder gained their initial point of access. As a result of this vulnerability, a web server containing customer information on our network was able to be accessed. We have been working around the clock since discovering this.
Is my payment information compromised?
No, the system that stores customer credit card and billing information was NOT affected or accessed.
What were the hackers targeting?
We believe the hackers wanted to insert malicious javascript into high traffic websites by changing their origin hostnames.
I don’t remember my password, how can I change it?
For this process, we’ve disabled the “Forgot Password” feature on our control panel login page. Please contact support to verify your account – [email protected].