Hacker puts Code Spaces out of business

Code hosting and software collaboration platform Code Spaces has gone out of business after a hacker deleted their data and backups.

The news broke via an apologetic announcement on Code Spaces’ website:

“Code Spaces will not be able to operate beyond this point, the cost of resolving this issue to date and the expected cost of refunding customers who have been left without the service they paid for will put Code Spaces in an irreversible position both financially and in terms of on going credibility,” it said. “As such at this point in time we have no alternative but to cease trading and concentrate on supporting our affected customers in exporting any remaining data they have left with us.”

The company apologised for the inconvenience to its customers and promised to spend its current resources helping them recover whatever data might be left.

The cyber attack began with a DDoS attack on Tuesday and an intrusion into Code Spaces’ Amazon EC2 control panel. Extortion demands soon followed, including an email address that was to be used to contact the attackers.

“Upon realization that somebody had access to our control panel, we started to investigate how access had been gained and what access that person had to the data in our systems,” the company statement explained. “It became clear that so far no machine access had been achieved due to the intruder not having our private keys.”

Code Spaces changed its EC2 passwords, but soon discovered the attacker had created backup logins. It didn’t take long for the attackers to notice Code Spaces’ recovery attempts and start deleting data.

“We finally managed to get our panel access back, but not before he had removed all EBS snapshots, S3 buckets, all AMIs, some EBS instances and several machine instances,” Code Spaces said. “In summary, most of our data, backups, machine configurations and offsite backups were either partially or completely deleted.”

Subscribe to our blog for email updates on this story.