FBI mistakenly stole Instapaper server
An unpleasant story happened with Instapaper web service. One of the company's five servers was leased from the Swiss hoster DigitalOne in a data center in Virginia. On Tuesday morning, there was an FBI operation (see the official press release ). What exactly the special services were looking for is not exactly known. They say they wanted to confiscate a particular server, but Sergey Ostroumov, executive director of the hosting company DigitalOne, explained that in addition to the FBI’s search, there were “dozens of servers from uncomplicated companies”.
In addition to Instapaper, the work of other normal sites was disrupted.
The creator and sole developer of Instapaper, Marco Arment, reports that the “stolen” server was used to replicate MySQL databases and process read-only requests in order to speed up the site. The service itself did not go offline as a result of the theft and no information was lost, only the site began to slow down. Mark explains that he considers the server “stolen”, because the FBI did not have a warrant to confiscate it, they took possession of someone else’s property illegally, that is, they stole it.
The main hoster Instapaper quickly responded to the request and on Thursday evening picked up the backup of the stolen server, so the site returned to normal operation.
')
Marco Arment warned everyone about the data breach - the FBI had a full Instapaper database at its disposal, including a list of all users, unreleased bookmarks and salted password hashes in SHA-1. Although passwords are relatively secure, users' postal addresses are stored in clear text.
For linked Facebook, Twitter and Tumblr accounts, only their respective OAuth keys were stored. For Evernote accounts, only email addresses are stored. For Pinboard accounts, cleartext names and encrypted passwords, and the keys were in the code of the website on the stolen server.
UPD. The FBI returned the server late Friday night . According to the logs, it was not included. Although theoretically, the FBI could make copies of the discs, not including the server itself and leaving no trace of this operation.
In addition to Instapaper, the work of other normal sites was disrupted.
The creator and sole developer of Instapaper, Marco Arment, reports that the “stolen” server was used to replicate MySQL databases and process read-only requests in order to speed up the site. The service itself did not go offline as a result of the theft and no information was lost, only the site began to slow down. Mark explains that he considers the server “stolen”, because the FBI did not have a warrant to confiscate it, they took possession of someone else’s property illegally, that is, they stole it.
The main hoster Instapaper quickly responded to the request and on Thursday evening picked up the backup of the stolen server, so the site returned to normal operation.
')
Marco Arment warned everyone about the data breach - the FBI had a full Instapaper database at its disposal, including a list of all users, unreleased bookmarks and salted password hashes in SHA-1. Although passwords are relatively secure, users' postal addresses are stored in clear text.
For linked Facebook, Twitter and Tumblr accounts, only their respective OAuth keys were stored. For Evernote accounts, only email addresses are stored. For Pinboard accounts, cleartext names and encrypted passwords, and the keys were in the code of the website on the stolen server.
UPD. The FBI returned the server late Friday night . According to the logs, it was not included. Although theoretically, the FBI could make copies of the discs, not including the server itself and leaving no trace of this operation.
Source: https://habr.com/ru/post/122661/
All Articles