Technology infrastructure monitoring firm New Relic on Friday disclosed a cyber incident that impacted an internal environment.
The environment, the company said in an incident notification, hosts information related to how customers are using New Relic, as well as certain logs.
According to San Francisco-based New Relic, the attackers gained access to the environment using social engineering and stolen credentials for an employee account.
However, no telemetry and application data sent by customers when using the New Relic platform was hosted on the compromised system.
“Customers confirmed to have been impacted by this incident have been notified with recommended next steps,” the company said.
The company claims it has secured the environment, revoked access to the compromised employee account, and implemented additional measures to harden access controls and credential theft defenses.
New Relic also notes that its investigation uncovered no evidence of lateral movement from the compromised environment.
However, the company discovered that attackers had accessed certain customer accounts. New Relic promptly reset the passwords for those accounts, removed API keys, and suspended the accounts.
The attackers, New Relic says, used stolen credentials to access those accounts, but did not acquire the credentials from the attack on its internal environment.
“It appears the credentials were harvested in recent large-scale social engineering and credential compromise attacks, which may have put these New Relic user accounts at risk. In cases where we identify this suspected access, we are proactively reaching out to these customers,” the company says.
New Relic advises users to enable multi-factor authentication for accounts configured with SAML, SSO, and SCIM, to avoid password reuse, and to maintain a good password hygiene.
“We also recommend that you remain vigilant and monitor your account for suspicious activity. For example, as an additional security measure, you should regularly audit the changes made in your New Relic environment – particularly when you suspect unusual activity,” the company adds.