DoublePulsar

Cybersecurity from the trenches, written by Kevin Beaumont. Opinions are of the author alone, not their employer.


Rackspace Cloud Office suffers destructive security breach


Thousands of small to medium size businesses are suffering as Rackspace have suffered a security breach on their Hosted Exchange service. Rackspace have now confirmed this is a ransomware incident.

Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:

Updates followed through the day, but were a little vague:

I got involved in the end, as I noticed something and documented it in this thread:

Chiefly, Rackspace’s managed service uses the hostnames mex*.emailsrvr.com for Exchange and OWA:


And then when looking at the most recent Shodan data, it was clear the Exchange cluster was showing Exchange long build numbers that were old:

This Exchange build number is from August 2022, before the ProxyNotShell patches became available:
