Rackspace has not offered any explanation of the “security incident” that has taken out its hosted Exchange environment and led the company to predict multiple days of downtime before restoration.
In response to inquiries from The Register, Rackspace said its incident status page and an FAQ provided to customers are all it can provide at this time.
Both documents warn of a lengthy outage, and advise migration to Microsoft 365 for mail services.
Both are also silent on the risk of data loss, or data leaks.
Many social media reports mention not being able to restore all inboxes after migration. And given that email is used to store way too many documents, the risk of leaks is very significant.
The status page has at least been updated regularly. While it assures that Rackspace has restored “thousands of customers,” it’s unclear whether those thousands represent the bulk of affected users or a tiny minority. And for the rest, the news remains grim.
When the hosted Exchange service became unavailable, Rackspace quickly advised of – and offered free access to – Microsoft 365 as the fastest way to restore service, and offered do-it-yourself instructions on how to make the move.
Despite Rackspace’s advice that the migration procedure should take between 30 and 60 minutes, some users found that option was not simple to implement. The Registerhas conversed with customers who profess to having little technical expertise – which is fair enough given Rackspace promotes its hosted Exchange service as suitable for “any business size or need” and that an “award-winning team of support experts is available to solve your technical problems 24x7x365.”
Non-technical users, however, found it hard to implement the instructions. Worse, customers of all sizes have also found the promise of swift support is not currently being fulfilled.
Rackspace’s recent updates state that it has thrown 1,000 of its staff into support duties in an attempt to address “much longer than usual” wait times. But Reg readers have sent accounts of being left on hold for four hours.
“This Rackspace nightmare just won’t end!” one wrote. “Unreal! No end in sight!”
Many versions of the following tweet are easy to find.
- Rackspace rocked by ‘security incident’ that has taken out hosted Exchange services
- Rackspace considers selling part of business: ‘Everything’ on the table
- Rackspace literally decimates workforce: One in ten staffers let go this week
Rackspace claims it is in the process of contacting all affected customers by telephone. It has also acknowledged migration to Microsoft 365 is not the answer for all.
“We have heard and understand that self-migration may not be simple and can be challenging to implement,” the status update admits.
The company has therefore introduced a kludge that will route email destined for its downed Exchange servers to an alternate external email address.
But there’s no self-service option to get that done. Users must instead log a ticket with Rackspace to request the workaround, then respond with a list of users for whom they wish forwarding to be applied.
Rackspace has not advised of turnaround times for such requests, and migration to Microsoft 365 remains the provider’s preferred option.
Just what caused the mess remains a mystery.
Rackspace has advised customers that “In order to best protect the environment, this will continue to be an extended outage of Hosted Exchange.” The Register fancies that whatever caused the incident could do more damage if the services were restored without careful triage – meaning there’s malware somewhere and it could spread.
And at the time of writing, it is two days and twenty hours since Rackspace first noted an incident. Speculation is filling the information vacuum, with theories pondering whether Rackspace’s Exchange implementation has been patched to cope with recently revealed exploits of the messaging server, or the many other flaws that can flatten Exchange. Rackspace’s own email service experienced difficulties on November 29 – perhaps an exploratory foray by an attacker?
The Register will continue to fire questions at Rackspace – which has promised twice-daily updates and appears to be sticking to that schedule – and will update this story, or pen others, as the situation develops. ®