After revealing that threat actors from Play were the ones that disrupted email access for its Hosted Exchange customers in early December, Rackspace has revealed again that the attackers accessed some of its customers’ Personal Storage Table (PST) files, which can contain a wide range of information, including emails, calendar data, contacts, and tasks.
Crowdstrike, a cybersecurity firm, said the attackers gained access to the personal storage folders of 27 Rackspace customers. It was quick to point out, however, that there is no evidence that they viewed the contents of the accessed backup files or misused the data. The affected storage table contains calendar events, contacts, and email messages, posing a serious risk of data exposure to affected customers.
At the time of the ransomware attack, approximately 30,000 customers used Rackspace’s hosted Exchange service, which it will now discontinue. Instead, the company will continue with its current plans to migrate customer accounts to Microsoft 365. In the meantime, Rackspace Email will be offered as an alternative to clients who do not want to use Microsoft 365.
Customers who were not contacted directly by the Rackspace team can be assured that the threat actor did not access their PST data, said Rackspace, which has been offering free Microsoft 365 migration to impacted customers.
The sources for this piece include an article in BleepingComputer.