Connect with us

Hi, what are you looking for?


Incident Response

New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials

New Relic said hackers gained access to an environment using social engineering and stolen credentials for an employee account.

Breach at New Relic

Technology infrastructure monitoring firm New Relic on Friday disclosed a cyber incident that impacted an internal environment.

The environment, the company said in an incident notification, hosts information related to how customers are using New Relic, as well as certain logs.

According to San Francisco-based New Relic, the attackers gained access to the environment using social engineering and stolen credentials for an employee account.

However, no telemetry and application data sent by customers when using the New Relic platform was hosted on the compromised system.

“Customers confirmed to have been impacted by this incident have been notified with recommended next steps,” the company said.

The company claims it has secured the environment, revoked access to the compromised employee account, and implemented additional measures to harden access controls and credential theft defenses.

New Relic also notes that its investigation uncovered no evidence of lateral movement from the compromised environment.

However, the company discovered that attackers had accessed certain customer accounts. New Relic promptly reset the passwords for those accounts, removed API keys, and suspended the accounts.

Advertisement. Scroll to continue reading.

The attackers, New Relic says, used stolen credentials to access those accounts, but did not acquire the credentials from the attack on its internal environment.

“It appears the credentials were harvested in recent large-scale social engineering and credential compromise attacks, which may have put these New Relic user accounts at risk. In cases where we identify this suspected access, we are proactively reaching out to these customers,” the company says.

New Relic advises users to enable multi-factor authentication for accounts configured with SAML, SSO, and SCIM, to avoid password reuse, and to maintain a good password hygiene.

“We also recommend that you remain vigilant and monitor your account for suspicious activity. For example, as an additional security measure, you should regularly audit the changes made in your New Relic environment – particularly when you suspect unusual activity,” the company adds.

Related: University of Michigan Says Personal Information Stolen in August Data Breach

Related: Toyota Discloses New Data Breach Involving Vehicle, Customer Information

Related: T-Mobile Says Personal Information Stolen in New Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...


Cloud company Rackspace has completed its investigation into the recent ransomware attack and found that the hackers did access some customer resources.