Featured in this episode of Tech News of the Week
Remember how Rackspace had a little oopsie-doodle with their hosted Microsoft Exchange service last year? Allow me to refresh your memory, what started as an extended outage of the service was revealed to be a widespread ransomware infection impacting a large swath of their user base. The culprit ended up being a mediation put in place for the ProxyNotShell exploit and an improperly secured employee laptop.
Rackspace was able to assist most customers in migrating to Office 365 and establishing dial-tone email service. But the historical data remained locked up for weeks after, with the last update in March 2023 stating that only half of the data had been recovered.
Despite the Hosted Exchange service only representing 1% of Rackspace revenue, the ensuing cost of recovering from the issue and continuing legal battles have taken their toll to the tune of $10.9M so far. The principal attorney in one such legal case said, “Despite hundreds of data breaches every year in this country, I am receiving reports of vulnerabilities in Rackspace’s hosting environment that go back over a year.”
It appears that Rackspace had stopped prioritizing the Hosted Exchange service and was in the process of migrating everyone to Office 365 when disaster struck. Which should be a reminder to all CSPs, just because you’ve decided to EOL a product doesn’t mean you can stop securing it.