Rackspace monitoring systems hit by zero-day

September 30, 2024 at 07:18PM

Rackspace recently faced a security breach when intruders exploited a zero-day bug in a third-party application, impacting its internal performance monitoring system. This led to a temporary suspension of its monitoring dashboard. Although some customer information was accessed, Rackspace promptly isolated the affected equipment and worked on a patch in collaboration with ScienceLogic.

Key Takeaways from Meeting Notes:

– Rackspace discovered a zero-day remote code execution vulnerability in a non-Rackspace utility packaged with the ScienceLogic application, leading to a security breach.
– Intruders accessed three of Rackspace’s internal monitoring webservers and retrieved limited monitoring information, including customer account names, numbers, usernames, device IDs, device information, device IP addresses, and AES256-encrypted Rackspace internal device agent credentials.
– The letter sent to Rackspace customers confirms the breach but assures them that no remediation steps are necessary. Rackspace has rotated the internal device agent credentials as a precaution.
– Rackspace confirmed no other customer service disruptions and that no other Rackspace products, platforms, solutions, or businesses were affected by the breach.
– Upon spotting the security breach, Rackspace immediately isolated the affected equipment, took it offline, and worked with ScienceLogic to develop and apply a patch.
– ScienceLogic informed their customers and actively notified Rackspace customers using their third-party monitoring service about the breach.
– This incident follows a ransomware attack on Rackspace’s hosted Microsoft Exchange service in December 2022, resulting in approximately $11 million in related expenses.
