Datadog calls for password reset after cyber breach
Monitoring and analytics firm detected unauthorised activity associated with production servers and database of user credentials
Cloud-based IT systems monitoring and analytics firm Datadog is requiring customers, which include Salesforce, Citrix and the New York Times, to change their passwords after a security breach.
The company detected unauthorised activity associated with some production servers and a database of user credentials, but said Google Auth and SAML users are not affected.
Despite the fact that the user credentials are protected using bcrypt hashing and a unique salt, Datadog is requiring customers to reset their passwords and recommending that they revoke all credentials shared with Datadog “to err on the side of caution”, the company said in a blog post.
The firm said a user reported unsuccessful attempts to use AWS (Amazon Web Services) credentials shared with Datadog, which possibly indicates that the hackers have accessed the credentials and are either attempting to use them or have shared them with others.
“For AWS users, Datadog supports two mechanisms of integration,” the company said. “As you update AWS integration credentials, we strongly encourage the use of AWS IAM Role Delegation. This stronger method of AWS integration prevents the sharing of security credentials, such as access keys, between accounts.”
Although Datadog has rebuilt all identified compromised systems and additional infrastructure and mitigated any known vulnerabilities, the company admits it is still piecing together the attack with the help of external incident response and forensics experts.
This highlights the fact that many organisations are unable to identify hacker activity on their networks and systems. This often means delays in identifying the true scope and nature of cyber attacks.
On 8 July 2016, the Wendy’s fast-food chain revealed that a data breach first reported in May 2016 had affected three times as many US franchise stores as was first thought.
Joe Fantuzzi, CEO of risk management firm RiskVision, said the initial size of a data breach is often underreported and underestimated because organisations simply do not have enough insight about their environment.
“Organisations need to develop a means of effectively assessing third-party risks and developing an actionable plan for identifying suspicious activity coming from third parties,” he said.
Increasingly, attackers are going after vulnerable third parties to reach their targets because they are the weak link from a security standpoint, said Fantuzzi.
“What is more, most organisations don’t have insight into the risk around their third-party suppliers and partners and therefore don’t have the ability to assess and remediate the threat or even take measures to prevent an attack,” he said.
According to Fantuzzi, the Wendy’s breach indicates a trend of breaches involving third parties that will rapidly increase going forward.