Rackspace 'security incident' causes Exchange Server outages

Rackspace has not said what caused the security incident, but the cloud provider said it proactively disconnected its Hosted Exchange offering as it investigates the matter.

A "security incident" affecting Rackspace's hosted Microsoft Exchange environments has resulted in major outages for a significant number of its customers.

Rackspace first disclosed an issue with its hosted Microsoft Exchange environments early Friday morning that was preventing its customers from accessing mail services. The cloud provider described the issue as connectivity-related during its initial investigation until Saturday morning, when Rackspace's status page referred to the outage as a "security incident."

UPDATE: Rackspace announced Tuesday that a ransomware attack caused the disruptions of the company's Hosted Exchange environment.

"We proactively powered down and disconnected the Hosted Exchange environment while we triaged to understand the extent and the severity of the impact," the update said. "After further analysis, we have determined that this is a security incident."

The scope of this incident, as well as whether a threat actor is involved, is currently unknown. Microsoft Exchange Server has been beset by a number of high-profile and critical vulnerabilities over the last two years, though it's unclear whether one of the major vulnerability sets, such as ProxyLogon or ProxyShell, is involved in the outage.

Rackspace has not responded to TechTarget Editorial's request for comment at press time.

UPDATE 12/6: A Rackspace spokesperson sent the following statement to TechTarget Editorial Monday evening: "We continue to help customers leverage Microsoft 365 as an immediate resolution path. So far, thousands of customers have successfully moved tens of thousands of users to this platform. All our available resources have been added to assist customers through chat and phone support channels. As hold times can be long, we encourage customers to utilize our callback feature to secure their place in the queue and receive a call when a Racker becomes available."

In order to minimize disruption, the cloud vendor has offered Exchange Online Plan 1 licenses on Microsoft 365 "until further notice." On Sunday morning, Rackspace described the incident as an "extended outage" and recommended migrating to Microsoft 365.

"We have successfully restored email services to thousands of customers on Microsoft 365 and continue to make progress on restoring email service to every affected customer," the status page read. "At this time, moving to Microsoft 365 is the best solution for customers who can now also implement temporary forwarding."

In addition, Rackspace said it was contacting every customer by phone to talk them through options. The vendor has not stated how many customers are affected as of press time.

That said, some alleged Rackspace customers have posted their frustrations to Reddit's r/rackspace and r/sysadmin subreddits. And other users, as recently as Monday, have provided independent assistance to customers coping with the outage.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
