Privacy Ninja

Wasabi Cloud Storage Service Knocked Offline For Hosting Malware

Wasabi Cloud Storage Service Knocked Offline For Hosting Malware

Source: Wasabi.com

Cloud storage provider Wasabi suffered an outage after a domain used for storage endpoints was suspended for hosting malware.

Wasabi is a cloud storage provider that competes with solutions like Amazon S3 by offering significantly cheaper services, not charging egress or API fees, and promising a 99.999999999% data durability.

Yesterday, at approximately 2:30 PM EST, Wasabi users suddenly found that they could no longer access their storage buckets [123] hosted on the wasabisys.com domain.

Wasabi acknowledged the issue in an outage report stating that DNS resolutions were causing “degraded performance.”

“We are currently investigating reports of issues resolving some endpoints including s3.eu-central-1.wasabisys.com s3.us-west-1.wasabisys.com and s3.wasabisys.com. We are investigating to try to determine the source of the issue. We will update this page as soon as we have more details,” Wasabi stated in the status report.

Also Read: Going Beyond DPO Meaning: Ever Heard of Outsourced DPO?

According to the status report, their domain registrar attempted to contact Wasabi about malicious content hosted on the wasabisys.com domain. When sending the abuse report, the registrar forwarded it to the wrong email, and Wasabi was never notified.

This mishap led to the registrar suspending the domain, effectively knocking the storage service offline as almost all of their storage buckets utilize the wasabisys.com domain.

After learning of the abuse report, Wasabi suspended the client hosting the malicious content and asked the registrar to reactivate the domain. The domain’s reinstatement took thirteen hours to complete, with it finally being restored today, at 12:57 PM EST.

“Upon learning of the malicious content report, Wasabi did immediately suspend the associated customer account for terms of service violations. We also contacted the domain name registrar as soon as we identified the problem. However, despite our escalation attempts, it took over 13 hours for them to reactivate the wasabisys.com domain,” Wasabi stated.

Threat actors are known to abuse legitimate cloud hosting services to host malware, and Wasabi is no exception. It is unknown what malicious content, or potentially false positives, triggered the domain’s suspension.

BleepingComputer reached out to Wasabi earlier today with questions about the outage but never received a reply.

Also Read: Limiting Location Data Exposure: 8 Best Practices

Privacy Ninja provides GUARANTEED quality and results for the following CORE SERVICES:

DPO-As-A-Service (Outsourced DPO Subscription)
Vulnerability Assessment & Penetration Testing (VAPT)
PDPA Obligations for Organizational Compliance (SkillsFuture Credit Eligible)

OTHER SERVICES:

PDPA Compliance Audit
Dig
ital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy

PDPA Data Protection Software
Smart Contract Audit

LIKE & SUBSCRIBE:
Facebook
LinkedIn
Twitter
YouTube
Podcast

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Powered by WhatsApp Chat

× How can we help you?