Yeah, a week sounds like plenty of time to assess a hosting provider.

Oh, and the years of Linode assessment were adequate?

Every site can be hacked. It's just a matter of time. You just have to properly react: call your CC provider, check for any charges on your bill, and move on.

I do not think anyone here is actually worried about their funds; as mentioned below, any reputable provider will have such charges promptly reversed. The problem is instead with their response to the situation.

Linode has addressed the breach, but assured customers nothing of value had been compromised. This infers two thoughts. One: they knew of the breach and lied, thereby unveiling a unforthcoming and dishonest nature. Or two: they did not properly investigative the severity of the issue, thereby suggesting incompetence. Both equally reprehensible.

Mm, not equally. I'd rather have incompetence over malice.

Until they're hacked, too...

Or until they let other customers see all the data on VMs that you've shut down. Oh wait, that already happened: http://www.wired.com/wiredenterprise/2013/04/digitalocean/

DigitalOcean is new and they fixed the problem the same day the article was written:

https://www.digitalocean.com/blog_posts/resolved-lvm-data-is...

If I had a choice between a VPS provider who either:

- Only has large issues (eg. leaks credit card data) and goes weeks without reporting them to customers, or

- Has lots of small issues (eg. forgetting to clean the free space of LVM volumes) but fixes them the same day,

I'd much prefer the latter.

EDIT: My bad, apparently the problem was reported on March 27 and wasn't fixed until April 2.

Wait a second.. you consider a provider giving data from your VMs to another random customer a SMALL issue?

Maybe you don't have anything of importance on your VMs, but plenty of people do. That data could contain credit card data, passwords, etc, etc, etc. It is very much a large issue.

Sure. My thoughts don't apply to everyone here, and I certainly can't claim to be unbiased since I like DO so much.

According to DigitalOcean, they stated that this impacts 3% of all machines, only the largest and most expensive servers. None of the smaller plans were leaking data.

I don't know how many credit card numbers were leaked from linode, but I'd guess more than 3%.

Second, if security is important to you, you can use 'dd' to clear the machine yourself before shutting it off. (In fact, good data destruction policies mandate the use of 'shred' et al anyway). On Linode, affected users don't even have a workaround (like this) to avoid information compromise.

There is no evidence to suggest that Linode leaked credit card data.

Personally I took precautionary measures and just called my bank to replace my credit card, which I think is the sane approach, as when it comes to hacking you have to assume the worst.

However, your statement on "has lots of small issues but fixes them the same day" is just stupidly childish. Linode's issues are bigger just because they are a bigger target.

Fuck it, I'm gonna recruit 7 friends and we'll set up our own VM cluster.

Unlike Linode, they accept PayPal.

I'm far more concerned about the integrity of my servers than about my CC, which has good fraud protection.

was not convinced by the website, looks nice but prices are kind of very cheap ?

also a twitter feed for the customers page ?