Rackspace internal systems hit by security threat, customer data exposed

"We identified a zero-day remote code execution vulnerability within a non-ScienceLogic third-party utility that is delivered with the SL1 package, for which no CVE has been issued," a spokesperson for ScienceLogic told The Register.

Notifying the users

As it turns out, threat actors found out about this zero-day, and used it to gain access to Rackspace’s servers. There, they grabbed some internal monitoring information belonging to the company’s clients.

The Register also obtained a copy of a letter the company sent to affected customers. In it, Rackspace says that the internal monitoring information included customer account names and numbers, customer usernames, Rackspace internally generated device IDs, names and device information, device IP address, and AES256-encrypted Rackspace internal device agent credentials.

As soon as the company discovered the intrusion, it temporarily shut down its monitoring dashboard for its customers. ScienceLogic came back with a patch, and the vulnerability was fixed. Other than that, there was no additional impact. Customer performance monitoring was left untouched, and no other customer services were disrupted, it was said.

Consequently, customers need not take any action at this time. Still, Rackspace says that “in an abundance of caution”, users should rotate the Rackspace internal device agent credentials. Besides Rackspace, ScielceLogic also notified the customers of the incident.

More from TechRadar Pro

• Rackspace confirms "security incident" across some of its servers
• Here's a list of the best firewalls around today
• These are the best endpoint security tools right now