Hacker News new | past | comments | ask | show | jobs | submit login

It should be required for their personnel and an option for me to enable for my account/specific Linodes.



The only excuse for this incident is if they did have 2-factor for their admin portal (which, from the discussion, is presumably separate from manager.linode.com) and someone conducted a targeted attack on a linode employee to compromise/steal both her token (either separate or a totp oath app like googleauthenticator or similar) AND her password.

If someone went to that much effort just to steal some bitcoins, they set their sights too low. Linode must host more valuable stuff.


Someone got off scot-free with a quarter million USD in anonymous currency. I'm not sure how that's setting sights too low...


Yes they are free a day after the event. There are bound to be logs and with that the possibility of capture. The person or people who did this are not quite resting easy, well unless it was a foreign entity that did it... That would change things considerably.


Given the nature of how bitcoin works, however, they can easily move the money through exchanges in foreign jurisdictions, effectively laundering it. There'd be a trail, with logs, but it'd be inaccessible to investigators.


> Linode must host more valuable stuff.

Such as? bitcoins are valuable and easy to run away with. Stolen credit card numbers are such a hassle to monetize that they can be bought with only $2 or $3 of e-currency.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: