Help & Resource Center

Rackspace Email Vulnerability - December 22, 2013

Dear Client,

Last night we received the message below from Rackspace regarding a possible vulnerability with their email server.  As a preemptive measure, Rackspace has changed the password on the email accounts with this potential vulnerability.  This problem does not appear to have affected everyone's account but instead about 10% of Modern Retail's overall users.  We have asked Rackspace for additional information regarding the vulnerability and will make it available to you as soon as we can.

Modern Retail will be contacting you today to help you reset the passwords on the affected accounts.  We know email is very important to you and this is a terrible time of year to be experiencing this sort of problem. We're very sorry for any inconvenience this may have caused.

Please be patient with Modern Retail as we work through this with you today.  Even though only 10% of our users were potentially affected, this is a huge number of people we must contact today. Thank you.



Date Created: 12/23/13


Update @ 8:55 am CST

We are reaching out to every client who was affected and changing the passwords on the email accounts for those users who encountered this problem.  While we are working as fast as we can there are a lot of email accounts to reset.  Additionally, it is going extremely slow as it looks like Rackspace's Administration Website is being overloaded with requests due to this problem.  It may take us several hours before we're able to reset everyone's account. We're very sorry for this disruption!


Update @ 9:45 am CST

I'm sorry but we've been unable to get into Rackspace's email administrative interface to change anyone's password for the last hour.  The administrative panel used to change passwords appears to be overloaded with requests right now and we simply cannot get in to make any changes. We will keep trying but we do not have an estimate on when things will improve.  I'm sorry.

Here's the error we're getting when we try to access accounts to change passwords:


Update @ 10:45 am CST

Rackspace's email administrative interface appears to be performing better now and we're actively going through and resetting everyone's email account that was affected.  Please expect to hear from us shortly.  Thank you!

Update @ 11:30 am CST

We're still working with Rackspace to get a clear picture of what happened but here's what we've received thus far.

Question:  Was any of my data accessed by a 3rd party?

Answer: We cannot confirm that your data was transmitted outside of Rackspace, but we can confirm that the directory containing the files in question were accessed in such a manner that leads us to believe it is possible that someone had unauthorized access. It’s entirely possible that the access we’re referring to came from one of our own internal systems, in which case a breach did not occur. Unfortunately, we cannot explicitly determine who accessed the data.
 
Question: How did this happen / When did this happen? / Will it happen in the future?

Answer: We believe that this vulnerability was exposed during our migration from our IAD1 data center to our new IAD3 data center, which was completed at the beginning of November. During this time, we had to modify configurations on our control panel which ultimately led to this vulnerability. While we are confident it has been fixed, out of an abundance of caution we are resetting passwords to ensure your information is safe & secure. The issue that occurred was due to human error. This specific issue has been resolved, and we have taken measures to eliminate these types of mistakes in the future.

Question: What information was potentially exposed?

Answer: As part of the bulk import process, administrators have the ability to import the following fields (First & Last Name, Username, Password, Address, Phone Number, Notes, Domain, Email Address). It’s important to note that while it’s possible to utilize each of these fields, in most cases the administrator only provides the basic information (username / password) which is required to establish an account. In addition to that, when administrators perform bulk uploads, most of the time a single password is used across all usernames for simplicity sake. The administrators typically notify users that they should reset their passwords after first login so that they are the only one that has access to their mail data.

Update @ 12:00 pm CST

Ok, we understand this potential email vulnerability better and here's our summary of what happened:

Rackspace was performing an upgrade of their data center and during this migration, through human error, some information could have potentially been available to outside sources.  The information that was exposed did not have any personally identifiable information, which could allow someone to access your email account.  However, Rackspace as a precautionary measure immediately changed the passwords on all affected accounts just to be sure.

By now I'm sure you've heard from someone at Modern Retail if your account was affected.  If not, then your email account was most likely not part of today's episode.

A big thank you goes out to all our clients!  We know this is a crazy time of year but we thoroughly appreciate your patience as we worked through what happened with Rackspace!


alert_icon.gif

If you did not get called personally please check with your Account Owner.  The store or business owner was notified and has a complete list of email address and passwords for everyone who was affected.