The attackers who compromised Web hosting provider Linode used a zero day vulnerability in Adobe ColdFusion. The company said that the customer credit card numbers were encrypted, as were the passwords, but it forced a system-wide password reset after the attack was discovered. The attack on Linode was described by the company on Monday, a few days after it said that one of its customers was compromised. The details of the attack are quite similar to other attacks that have resulted in password leaks and database breaches.
Source: https://threatpost.com/linode-hacked-through-coldfusion-zero-day-041613/77733/