Wiki and ticketing system of cloud company Opscode plundered
Web Services
A software glitch allowed hackers into the systems of the firm that supports Facebook and Splunk, among other Web services firms.
"The attacker gained escalated privileges and downloaded the user database for the wiki and ticketing system," the company said in a blog post. "The user database that was accessed contained usernames, email addresses, full names, and hashed passwords."
Internal security systems flagged the malicious activity.
The pathway in: “It appears the attacker used a vulnerability in the wiki software and ran a JavaScript program from the Uniform Resource Identifier. In the short time before being spotted, the attacker was able to download some database data, but nothing too serious.”
Opscode said there's "currently no evidence" that hosted data has been copied or compromised.
“It's an embarrassing issue for a company that has become something of a cloud and datacenter darling of late, but it could happen to anyone these days and such openness is to be commended,” the Register writes.