Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

PagerDuty Warns Customers of Data Breach

San Francisco-based operations performance management company PagerDuty informed customers on Thursday that its systems were breached earlier this month.

San Francisco-based operations performance management company PagerDuty informed customers on Thursday that its systems were breached earlier this month.

According to Andrew Miklas, PagerDuty co-founder and CTO, the intrusion was detected on July 9 and the attack was blocked within a few hours. An investigation revealed that the attacker managed to bypass multiple layers of authentication and gained access to an administrative panel provided by one of the company’s hosting providers.

This allowed the attacker to log into a replica of a PagerDuty database containing users’ names, email addresses, password hashes, and public calendar feed URLs. Miklas says there is no evidence that the attacker gained access to corporate, financial, technical, or sensitive user information.

“As you know, we do not collect customers’ social security numbers and we do not store or have access to customer credit card numbers. This incident also had no impact on our ability to provide services to our customers,” Miklas said in a blog post.

The company believes it’s unlikely that the attacker will manage to crack the passwords because they have been hashed using unique, randomly generated 40-character salt and pepper, and there is no evidence that the attacker accessed the pepper.

“If you have logged into your account since January 1, 2015, your password is hashed with Bcrypt with a work factor of 10, using a per-user randomly generated salt and a site-wide pepper,” PagerDuty told customers. “Older passwords are hashed with SHA-1 stretched over multiple rounds and using the same salt and pepper approach.”

Nevertheless, the company is asking customers to change their passwords as a precaution. Those who don’t change their passwords until August 3 will be logged out from their accounts and they will receive an email prompting them to change their password. Customers are also advised to reset calendar feed URLs, which provide a read-only calendar of when they are on-call, and revoke and re-add access to mobile devices linked to PagerDuty accounts.

Users have also been advised to keep an eye out for phishing attempts that might leverage stolen names and email addresses.

PagerDuty has called in a cyber security forensics firm to investigate the breach. An investigation is also being conducted by law enforcement.

The company says it has enhanced its monitoring and detection capabilities following the incident.

PagerDuty provides organizations alerting, on-call scheduling, escalation policies and incident tracking to help them increase the uptime of their websites, apps, databases and servers. The company’s customer list includes Adobe, Airbnb, Pinterest, Etsy, GitHub, Intuit, National Instruments, the Wikimedia Foundation, Panasonic, Evernote and Rackspace.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption