Cloud computing company Rackspace has suffered a security breach that has resulted in a still ongoing outage of their Hosted Exchange environment.
The connectivity issues for Rackspace Hosted Exchange customers – mostly small to medium size businesses – started on Friday, with users experiencing errors when accessing the Outlook Web App and syncing their email clients.
“Since our last update, we have mobilized roughly 1000 support Rackers to reduce wait times and address ticket queues,” the company said on Sunday, then followed up with the decision to contact every Hosted Exchange customer by phone or email.
What caused the incident is unknown, but security researcher Kevin Beaumont has noticed that, a few days ago, the Shodan search engine was showing Rackspace’s Exchange clusters running an Exchange version from August 2022, which means that they did not have the patches for the ProxyNotShell vulnerabilities.
Whether or not the security incident happened due to the exploitation of these vulnerabilities, I think many Rackspace Hosted Exchange customers will end up not switching back after the outage has ended and are now worrying whether they will be able to recover their legacy email data from Rackspace.
“If you run Exchange in Hybrid mode or have on prem servers for management – which is extremely common for almost every Exchange Online customer – you still need to take action. The Microsoft blog says no action is required for Exchange Online. This is wordsmithing by Microsoft, and is wrong – those on prem Exchange Servers you forgot about and rely on still need fixing,” he warned, and offered advice on checking whether their servers have been compromised in the meantime.
