American cloud provider Linode was forced to reset all customer passwords after discovering what are believed to be stolen user credentials on an external machine. The company suspects that the information has been lifted directly from its database.

The news follows ten days of relentless Distributed Denial of Service (DDoS) attacks against Linode’s infrastructure, which disrupted services to customers, although the company says there’s no evidence that the two incidents are connected.

In both cases, the business has no idea who is behind the attacks. It has not been contacted by anyone claiming responsibility or asking for a ransom.

“We’ve retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings,” Linode said in a statement.

The battle for Linode

Linode is a cloud pioneer that’s been offering Linux virtual servers since 2003. Its cloud hosting and backup services are available from eight data centers worldwide – four in the US, two in Europe and another two in Asia.

Earlier this week, while investigating unauthorized login attempts, Linode’s security team discovered two sets of user credentials that included usernames, email addresses, securely hashed passwords and encrypted two-factor seeds.

“This may have contributed to the unauthorized access of the three Linode customer accounts mentioned above, which were logged into via manager.linode.com,” explained the blog post.

“The affected customers were notified immediately. We have found no other evidence of access to Linode infrastructure, including host machines and virtual machine data.”

The company has apologized for the inconvenience caused, and advised customers to enable two-factor authentication to improve the security of their accounts.

“While we feel victimized ourselves, we understand it is our responsibility, and our privilege as your host, to provide the best possible security and service.”

“Thank you for your patience, understanding and ongoing trust in Linode.”

The DDoS attacks against Linode began on Christmas Day and affected multiple locations at a time. Customers in Atlanta and London are believed to have been the worst affected. The attacks were finally mitigated by Monday, although the company warned some connectivity issues might persist.

“It has become evident in the past two days that a bad actor is purchasing large amounts of botnet capacity in an attempt to significantly damage Linode’s business,” Alex Forster, network manager at Linode, said at the time.