Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

PagerDuty Warns Customers of Data Breach

San Francisco-based operations performance management company PagerDuty informed customers on Thursday that its systems were breached earlier this month.

San Francisco-based operations performance management company PagerDuty informed customers on Thursday that its systems were breached earlier this month.

According to Andrew Miklas, PagerDuty co-founder and CTO, the intrusion was detected on July 9 and the attack was blocked within a few hours. An investigation revealed that the attacker managed to bypass multiple layers of authentication and gained access to an administrative panel provided by one of the company’s hosting providers.

This allowed the attacker to log into a replica of a PagerDuty database containing users’ names, email addresses, password hashes, and public calendar feed URLs. Miklas says there is no evidence that the attacker gained access to corporate, financial, technical, or sensitive user information.

“As you know, we do not collect customers’ social security numbers and we do not store or have access to customer credit card numbers. This incident also had no impact on our ability to provide services to our customers,” Miklas said in a blog post.

The company believes it’s unlikely that the attacker will manage to crack the passwords because they have been hashed using unique, randomly generated 40-character salt and pepper, and there is no evidence that the attacker accessed the pepper.

“If you have logged into your account since January 1, 2015, your password is hashed with Bcrypt with a work factor of 10, using a per-user randomly generated salt and a site-wide pepper,” PagerDuty told customers. “Older passwords are hashed with SHA-1 stretched over multiple rounds and using the same salt and pepper approach.”

Nevertheless, the company is asking customers to change their passwords as a precaution. Those who don’t change their passwords until August 3 will be logged out from their accounts and they will receive an email prompting them to change their password. Customers are also advised to reset calendar feed URLs, which provide a read-only calendar of when they are on-call, and revoke and re-add access to mobile devices linked to PagerDuty accounts.

Users have also been advised to keep an eye out for phishing attempts that might leverage stolen names and email addresses.

PagerDuty has called in a cyber security forensics firm to investigate the breach. An investigation is also being conducted by law enforcement.

The company says it has enhanced its monitoring and detection capabilities following the incident.

PagerDuty provides organizations alerting, on-call scheduling, escalation policies and incident tracking to help them increase the uptime of their websites, apps, databases and servers. The company’s customer list includes Adobe, Airbnb, Pinterest, Etsy, GitHub, Intuit, National Instruments, the Wikimedia Foundation, Panasonic, Evernote and Rackspace.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...