Rackspace internal systems hit by security threat, customer data exposed

Supply chain attack resulted in Rackspace customer data being accessed

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Rackspace has reportedly suffered a supply chain attack that resulted in some internalmonitoringinformation belonging to its clients being accessed.

Apparently, Rackspace used its own servers to host a monitoring dashboard, built by ScienceLogic, for its customers. ScienceLogic is an IT operations management platform that provides real-time monitoring, automation, and analytics for hybrid IT environments. Bundled with this monitoring dashboard came a piece of software (which ScienceLogic does not want to identify at this time) that contained a zero-day vulnerability.

“We identified a zero-day remote code execution vulnerability within a non-ScienceLogic third-party utility that is delivered with the SL1 package, for which no CVE has been issued,” a spokesperson for ScienceLogic toldThe Register.

Notifying the users

Notifying the users

As it turns out, threat actors found out about thiszero-day, and used it to gain access to Rackspace’s servers. There, they grabbed some internal monitoring information belonging to the company’s clients.

The Registeralso obtained a copy of a letter the company sent to affected customers. In it, Rackspace says that the internal monitoring information included customer account names and numbers, customer usernames, Rackspace internally generated device IDs, names and device information, device IP address, and AES256-encrypted Rackspace internal device agent credentials.

As soon as the company discovered the intrusion, it temporarily shut down its monitoring dashboard for its customers. ScienceLogic came back with a patch, and the vulnerability was fixed. Other than that, there was no additional impact. Customer performance monitoring was left untouched, and no other customer services were disrupted, it was said.

Consequently, customers need not take any action at this time. Still, Rackspace says that “in an abundance of caution”, users should rotate the Rackspace internal device agent credentials. Besides Rackspace, ScielceLogic also notified the customers of the incident.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)