Rackspace admits ransomware attack on customer data

Published January 10, 2023
Author: Ash Khan

According to Rackspace, several customers’ data was accessed.

Rackspace stated that the attackers responsible for the data breach gained access to some of its customers’ Personal Storage Table (PST) files. These files include a variety of information such as emails, calendar entries, contacts, and tasks.

Rackspace ransomware attack

This disclosure comes after the company revealed that the Play ransomware operation was responsible for the cyberattack, which brought down its hosted Microsoft Exchange environment.

The investigation headed by the cybersecurity website is now complete. The attackers acquired access to the personal storage folders of 27 Rackspace users.

However, Rackspace states that there is no indication that the attackers saw or exploited the contents of the accessible backup files.

Rackspace mentioned in the incident report shared with Bleeping Computer that there were nearly 30,000 customers in the Hosted Exchange email environment. The investigation determined that hackers accessed the Personal Storage Table (PST) files of 27 Hosted Exchange customers.

CrowdStrike, an online security website, claims to have already proactively reported its findings to these customers.

There is no indication that the cybercriminals distributed any of the 27 Hosted Exchange customers’ PST data in any way. Customers who didn’t receive any notification from Rackspace should know that the hackers did not access their PST data.

While Rackspace claims there is no proof that threat actors accessed client data, experience shows that this is not always the case. Furthermore, even if the data is not disclosed, or if a ransom is paid, it is possible that hackers accessed the data.

Victims can download recovered PST data

Rackspace is providing victims free licenses to transfer their email from its Hosted Exchange platform to Microsoft Office 365. Since the ransomware attack on December 2 disrupted its services, the company has been trying to repair the damage.

The cloud computing company is offering affected users the ability to retrieve email messages from before December 2 via its customer site.

The business claims that it is proactively alerting customers who have had more than 50% of their emails returned.

Rackspace teams say, “We will continue to strive to recover as much data as possible as planned. In the meantime, we are building an on-demand alternative for clients who still want to retrieve their data. The on-demand solution should be available within two weeks.”

Bleeping Computer asked a Rackspace official whether the email data is being recovered from Rackspace backups or using a decryption tool given by the Play ransomware perpetrators.

Rackspace says that its Hosted Exchange environment will be phased out. The company states that it had planned to transition clients to Microsoft 365 before the December ransomware outbreak.

Rackspace added that the Hosted Exchange email environment will not be rebuilt as a go-forward service offering.

Even before the current security problem, the Hosted Exchange email infrastructure was scheduled for migration to Microsoft 365, which offers a more flexible pricing model and more modern features and capabilities.