Hacker Puts Hosting Service Code Spaces Out of Business

Cloud-based code-hosting service Code Spaces announced today it was going out of business after a hacker deleted most of its machines, customer data and backups.

Code Spaces, a code-hosting and software collaboration platform, has been put out of business by an attacker who deleted the company’s data and backups.

Officials wrote a lengthy explanation and apology on the company’s website, promising to spend its current resources helping customers recover whatever data may be left.

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of ongoing credibility,” read the note. “As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”

The beginning of the end was a DDoS attack initiated yesterday that was accompanied by an intrusion into Code Spaces’ Amazon EC2 control panel. Extortion demands were left for Code Spaces officials, along with a Hotmail address they were supposed to use to contact the attackers.

“Upon realization that somebody had access to our control panel, we started to investigate how access had been gained and what access that person had to the data in our systems,” Code Spaces said. “It became clear that so far no machine access had been achieved due to the intruder not having our private keys.”

Code Spaces said it changed its EC2 passwords, but quickly discovered the attacker had created backup logins, and once recovery attempts were noticed, the attacker began deleting artifacts from the panel.

“We finally managed to get our panel access back, but not before he had removed all EBS snapshots, S3 buckets, all AMI’s, some EBS instances and several machine instances,” Code Spaces said. “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

“In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

Amazon Web Services customers are responsible for credential management. Amazon, however, has built-in support for two-factor authentication that can be used with AWS accounts and accounts managed by the AWS Identity and Access Management tool. AWS IAM enables control over user access, including individual credentials, role separation and least privilege.

Within 12 hours, Code Spaces went from a viable business to devastation. The company reported that all of its svn repositories—backups and snapshots—were deleted. All EBS volumes containing database files were also deleted. A few old svn nodes and one git node were left untouched, the company said.

A cache of Code Spaces services includes promises of full redundancy and that code is duplicated and distributed among data centers on three continents.

“Backing up data is one thing, but it is meaningless without a recovery plan, not only that a recovery plan – and one that is well-practiced and proven to work time and time again,” Code Spaces said. “Code Spaces has a full recovery plan that has been proven to work and is, in fact, practiced.”

Suggested articles


  • Duh on

    It's not a backup if you keep it in the same place (virtually or physically) as the original.
  • Steve on

    You should never have a backup strategy, its a recovery strategy you need. All the backups in the world are worthless if you can't recover.
  • Dippy-do on

    Why can't 'delete' have its own authentication password? Ex. Login as admin, delete backup, prompt for delete password. If deleting required a password even as admin, a web server could then require two-factor authentication and send out an sms alert. Just a thought...
  • iambigd on

    I don't understand why someone would do this. Put honest hard working people on the street looking for a job just because they can. I feel sorry for this person that has to live with himself knowing the hardship he/she has caused these people.
  • FUDprevails on

    Because the person or persons who did it had no fear of retribution, knew other AWS clients would realize that they could be next and pay the ransom, etc.
  • David on

    This picture is a terrible representation of a hacker. Gotta love the stock photos of hoodie wearing young men, doing some obscure and fictional thing to a computer.
  • Matthew on

    This is exactly the reason why I do not trust cloud services.. So easy to lose it all.. Physical Back ups will always remain. My supplier Insurgo Media Services highlighted the dangers of cloud and it shows to have been correct.. Lucky escape
  • lucio fonseca on

    Matthew, "cloud" is just "stuff on a server" if you have something running on a server inside your building, marketoids now say that you have a local cloud or something like that. it's just a term idiots (marketeers) use. it's always dangerous to have a service on-line without real offline/offsite backups and a restore strategy. period.
  • lucio fonseca on

    David, it's just the usual nonsense images "journalists" use. if they did a little research, they would find out no self-respecting hacker does this kind of stuff. this is stuff criminals and 12yo script-kiddies do.
  • tim on

    its only a commercial backup if it is in a separate SECRET physical location AND not connected to the internet 24 / 7.. IF they had a online backup which only gave them access every 14 days they would have survived.. you get the idea
  • bigmacbear on

    @iambigd, @FUDPrevails: Looks like we have a hostage taker who decided in this case to actually kill the hostage. Not a smart move in any case.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.