Rackspace Technology has informed its customers that attackers took advantage of a zero-day vulnerability in a third-party application, resulting in unauthorised access to its internal performance monitoring system, as per a report in The Register.
This security breach led the American cloud computing company to temporarily disable its monitoring dashboard used by customers. The issue seems to have arisen from Rackspace hosting a ScienceLogic-powered monitoring dashboard on its internal servers. The vulnerability was contained in a program inside ScienceLogic’s software. The attackers exploited this flaw, gaining access to the servers and extracting some monitoring-related customer data before detection.
A spokesperson for the company told The Register that the breach had been discovered on 24 September. Rackspace confirmed the flaw was identified and exploited by the attackers.
Rackspace vulnerability hidden in ScienceLogic platform
Rackspace uses the ScienceLogic platform for internal system monitoring and provides its users with a dashboard.
The exploitation of the vulnerability allowed unauthorised access to three of Rackspace’s internal monitoring web servers, according to the company. Customer performance monitoring remained unaffected, but customers could not access their monitoring dashboards during the incident. There was no further impact on other services provided by Rackspace.
In a letter sent to its customers, Rackspace outlined the information that was accessed during the breach. The data included customer account names and numbers, usernames, device information, device IP addresses, and encrypted internal device agent credentials.
According to the letter, customers were not required to take any steps in response to the breach. However, Rackspace initiated a rotation of its internal device agent credentials as a precautionary measure.
Rackspace assured customers that no other services, products, or platforms were affected. The company stated that all impacted customers had been informed, and further updates would be provided if necessary. Upon discovering the security breach, Rackspace isolated the affected equipment and took it offline. The company then collaborated with ScienceLogic to develop and implement a fix.
In December 2022, Rackspace’s Microsoft Exchange server came under a cyberattack from the PLAY cybercrime gang. The attack impacted the email accounts of more than 30,000 users, with most of them unable to access their emails or archived data for a number of weeks.