Incident

Rackspace reports data breach exposing customer data



The cloud hosting provider Rackspace is reporting a data breach caused by exploitation of a zero-day vulnerability in a third-party tool integrated within ScienceLogic’s SL1 platform. This platform is used by Rackspace to monitor its IT infrastructure. The breach allowed threat actors to gain access to three internal monitoring servers, exposing sensitive customer data.

Rackspace temporarily disabled monitoring graphs on its MyRack portal while it worked to remediate the security risk.

The zero-day vulnerability was located in a non-ScienceLogic third-party utility delivered with the SL1 package. ScienceLogic, in collaboration with Rackspace, quickly developed a patch to address the vulnerability, distributing it to all impacted customers.

The attack led to the exposure of customer monitoring data, including:

  • Customer account names and numbers
  • Customer usernames
  • Rackspace-generated device IDs and device information
  • Device IP addresses
  • AES256-encrypted Rackspace internal device agent credentials

Despite the credentials being encrypted, Rackspace rotated them as a precautionary measure. No customer service disruptions were reported, and no other Rackspace products or services were affected by the breach.

Rackspace has assured customers that no immediate action is required on their part, as the malicious activity has been halted.

The company has notified all affected customers, but it remains unclear how many were impacted.

Update: As of the 2nd of October, ScienceLogic has developed a patch to mitigate the vulnerability, and it has been distributed to all affected customers globally. ScienceLogic did not disclose the identity of the third-party utility involved in the breach.

 
