Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

PagerDuty Warns Customers of Data Breach

San Francisco-based operations performance management company PagerDuty informed customers on Thursday that its systems were breached earlier this month.

San Francisco-based operations performance management company PagerDuty informed customers on Thursday that its systems were breached earlier this month.

According to Andrew Miklas, PagerDuty co-founder and CTO, the intrusion was detected on July 9 and the attack was blocked within a few hours. An investigation revealed that the attacker managed to bypass multiple layers of authentication and gained access to an administrative panel provided by one of the company’s hosting providers.

This allowed the attacker to log into a replica of a PagerDuty database containing users’ names, email addresses, password hashes, and public calendar feed URLs. Miklas says there is no evidence that the attacker gained access to corporate, financial, technical, or sensitive user information.

“As you know, we do not collect customers’ social security numbers and we do not store or have access to customer credit card numbers. This incident also had no impact on our ability to provide services to our customers,” Miklas said in a blog post.

The company believes it’s unlikely that the attacker will manage to crack the passwords because they have been hashed using unique, randomly generated 40-character salt and pepper, and there is no evidence that the attacker accessed the pepper.

“If you have logged into your account since January 1, 2015, your password is hashed with Bcrypt with a work factor of 10, using a per-user randomly generated salt and a site-wide pepper,” PagerDuty told customers. “Older passwords are hashed with SHA-1 stretched over multiple rounds and using the same salt and pepper approach.”

Nevertheless, the company is asking customers to change their passwords as a precaution. Those who don’t change their passwords until August 3 will be logged out from their accounts and they will receive an email prompting them to change their password. Customers are also advised to reset calendar feed URLs, which provide a read-only calendar of when they are on-call, and revoke and re-add access to mobile devices linked to PagerDuty accounts.

Users have also been advised to keep an eye out for phishing attempts that might leverage stolen names and email addresses.

Advertisement. Scroll to continue reading.

PagerDuty has called in a cyber security forensics firm to investigate the breach. An investigation is also being conducted by law enforcement.

The company says it has enhanced its monitoring and detection capabilities following the incident.

PagerDuty provides organizations alerting, on-call scheduling, escalation policies and incident tracking to help them increase the uptime of their websites, apps, databases and servers. The company’s customer list includes Adobe, Airbnb, Pinterest, Etsy, GitHub, Intuit, National Instruments, the Wikimedia Foundation, Panasonic, Evernote and Rackspace.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Cloud Security

VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.