MaxCDN’s NetDNA Suffers Security Breach, Asks Users to Change Passwords

NetDNA, parent company of MAXCDN– provides content delivery services for websites – has been hacked. NetDNA immediately took the necessary security measures to block the attackers and then email users about the hack. Upon initial investigation, NetDNA found that attackers will be able to access your user information such as your email address and contact information, some client configuration information, and hashed passwords and API keys.

To avoid this, NetDNA prompts users to change their passwords, update API credentials, enforce API whitelist. MAXCDN’s support email about breach says “Although passwords have been encrypted (hashed and skipped), we recommend that you change or reset passwords on other services where you may use similar passwords. We recommend that you use a unique password on each “.

All passwords for MAXCDN users are currently expired, they need to create a new password for their account by logging into the MaxCDN Control Panel with their login credentials. After that, the link to change the password will be sent to the email address registered during MaxCDN account creation.

You can read more important information about this below or fully at MaxCDN blog.

What happened?

We use a combination of our own infrastructure and managed infrastructure provided by third-party vendors. One of the third-party vendors, which will make an announcement in the coming days, had a security breach. This provider’s internal infrastructure stored certain IPMI module access credentials on some of our remote servers (used for remote access); this is where the intruder gained his initial point of access. As a result of this vulnerability, a web server containing information from clients on our network could be accessed. We’ve been working non-stop since we discovered this.

Is my payment information compromised?

No, the system that stores the customer’s credit card and billing information was NOT affected or accessed.

What was the hackers target?

We believe the hackers wanted to insert malicious javascript into high traffic websites by changing their origin hostnames.

I don’t remember my password, how can I change it?

For this process, we have disabled the “Forgot my password” feature on our control panel login page. Contact support to verify your account – [email protected].

Related Posts

Leave a Reply

Your email address will not be published.