Almost one week ago, in the early hours of December 2nd, customers noticed issues with their services. A message was posted on their status site stating, "We are investigating an issue that is affecting our Hosted Exchange environments. More details will be posted as they become available."
Although the company had posted a notice on its status page, the average customer was unaware of this part of the website. Clients averaged over two hours before reaching someone in the company's call center. Even when they reached the call center, customer care agents were not fully briefed on the outage and potential impact or solutions.
The system outage disrupted email services for thousands of small and midsize organizations. Rackspace's advice was for their customers to move to a competitor's platform. This left Rackspace customers desperate, frustrated, and many outright furious for the lack of support or communications from the company.
It was not until four days later, on December 6th, that they admitted that they were the victims of a ransomware attack. The identification of the issue that had knocked its Hosted Exchange environment offline was found to be isolated to its Exchange hosting platform.
"At this time, we are unable to provide a timeline for restoration of the Hosted Exchange environment," Rackspace said. "We are working to provide customers with archives of inboxes where available, to eventually import over to Microsoft 365."
Rackspace acknowledged that moving to Microsoft 365 will not be an easy path for its customers and is trying to allocate additional resources to the ongoing outage. "We recognize that setting up and configuring Microsoft 365 can be challenging, and we have added all available resources to help support customers," it said. Rackspace suggested that as a temporary solution, customers could enable a forwarding option, so mail destined to their Hosted Exchange account goes to an external email address instead.
"We appreciate your patience as we continue to work through the security issues that have affected our Hosted Exchange environment. As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident. We have since determined this suspicious activity was the result of a ransomware incident."
The ongoing issues affecting Rackspace's hosted Microsoft Exchange service remains ongoing at the time of this publication. The company's advice for customers is to move to an alternative platform to limit disruption and restore their services. At least one class-action lawsuit has already popped up. The lawsuit, filed by a California-based law firm, Cole & Van Note, on behalf of Rackspace customers, has accused the company of "negligence and related violations" around the breach.
This massive security incident has already affected the publicly traded Rackspace's share price down nearly 20% over the past five days. In a recent SEC filing, the company has already warned that the incident could potentially cause a loss in revenue for the company's nearly $30 million Hosted Exchange business.