CloudCone确认由于受到黑客攻击，用户数据全部丢失，且无法恢复

近日，知名云服务商CloudCone向用户发布紧急通知，确认其美国洛杉矶数据中心的虚拟私有服务器（VPS）因第三方平台漏洞遭受黑客攻击，导致部分用户数据全部丢失且无法恢复。

据CloudCone在致客户信中披露，事件起源于一个用于VPS部署的第三方网关平台存在安全漏洞，攻击者利用该漏洞入侵了多台主机节点，并对虚拟机磁盘进行了破坏性操作。尽管技术团队尝试了多种数据恢复方案，但最终确认受影响数据已不可挽回。

受影响范围仅限于洛杉矶区域的VPS服务，其他地区服务未受波及。CloudCone强调，用户的个人信息、账单及支付数据均存储于独立客户平台，未在此次事件中泄露。

事件发生后，CloudCone已采取紧急措施：全面重装受影响系统、轮换所有安全凭证、强化防火墙规则，并加速推进自研平台迁移计划。公司预计在三月底前完成向新平台的过渡，以彻底摆脱对第三方系统的依赖。

目前，90%受影响节点已进入重装就绪状态。CloudCone提醒用户：在管理页面看到重装提示横幅后，可自行操作恢复备份。由于重装需求集中，完成过程可能需要3-6小时。

此次事件也暴露了云计算产业链的潜在风险——同一第三方平台的漏洞导致多家服务商同时受影响。CloudCone在信中坦言“事件超出直接控制范围”，但承诺将提供详细事件报告，并持续加强系统防护。

对于依赖云服务的企业与开发者而言，此次事件再次敲响警钟：除了选择可信服务商，建立跨地域数据备份与灾难恢复方案，已成为数字化时代不可或缺的安全实践。

CloudCone公告原文

Hello ,

We’re reaching out with an important update regarding a recent incident that affected your VPS (Virtual Private Server) in LA, USA.

What We First Observed
Our team was initially alerted when our monitoring systems detected that several virtual machines had lost network connectivity.

We confirmed that multiple host nodes were compromised and that the disks of the affected VMs had been corrupted. Our engineering teams immediately isolated the impacted servers and began a detailed analysis.

We attempted data recovery through multiple methods, including examining raw block devices, reconstructing partition tables, and searching for intact filesystems; however, these recovery attempts were unsuccessful.

Scope of Impact

Only VPS nodes in LA, USA were affected.

Affected VPS data is in an irrecoverable state.

LA VPSs will remain offline until they are re-installed.

Incident Analysis

We identified that a third-party platform, which acts as the VPS deployment gateway, was compromised due to a vulnerability and was used to gain access to host nodes connected to it. As a result, disks of the affected VMs were corrupted and are in an irrecoverable state.
We also discovered that this was not an isolated incident, as it affected several other hosting providers utilizing the same third-party platform.
Your personal information in the CloudCone Client Area is safe. We do not store personal information, billing data, or payment details within this third-party platform.

Actions Taken
To secure our infrastructure and prevent a recurrence, we have taken the following actions:

Performed clean re-installations of the VPS deployment gateway and affected host nodes.
Rotated all API keys and credentials.
Further hardened IP-level access controls and firewalls on the VPS deployment gateway to prevent this vulnerability from being exploited again.
Additionally, as part of our long-term improvement strategy, we are moving away from the third-party platform. All VPS services will be transitioned to our new in-house platform, which is currently in the final stages of testing and will be launched by the end of March.

Next Steps for Our Clients
90% of the affected nodes are now ready for VPS re-installation. When you visit your VPS management page, you will see a banner similar to the one below:

title
Once this banner appears on your VPS management page, it is safe to proceed with re-installation and restore any backups you have available.

Note: VPS re-installation may take 3–6 hours due to the current re-install queue.

We truly understand the frustration and challenges this incident may have caused, and we sincerely apologize for the disruption. While this situation was outside of our control, please know that we are taking this matter very seriously and are fully committed to improving our systems and processes to prevent similar incidents in the future.

If you have any immediate concerns or need assistance, our support team is here to help.

A detailed incident report will be available upon request once the incident is fully resolved.

Thank you for your patience and continued trust in CloudCone.

Sincerely,
The CloudCone Team