Alarm aggregation and dispatching service PagerDuty detected an unauthorized intrusion by an attacker who gained access to customer information, and the company is now requiring that all customers change their passwords.
How many victims? All customers are being required to change passwords.
What type of personal information? Names, email addresses, hashed passwords and public calendar feed URLs.
What happened? PagerDuty detected an unauthorized intrusion by an attacker who gained access to customer information.
What was the response? PagerDuty shut down the attack within a few hours of the intrusion and immediately took steps to mitigate the issue, including enhancing its monitoring and detection capabilities and further hardening its environment. Users will be required to change their passwords on Aug. 3, and PagerDuty recommends that customers reset calendar feed URLs and revoke and re-add access to any mobile devices linked to their PagerDuty account.
Details: PagerDuty detected the unauthorized intrusion on July 9. The attacker bypassed multiple layers of authentication and gained unauthorized access to an administrative panel provided by one of PagerDuty’s infrastructure providers. They were then able to log into a replica of one of PagerDuty’s databases.
Quote: “Passwords are hashed with a salt and pepper, and we have no evidence that the attacker was able to access the pepper, which makes it computationally infeasible that the hashed passwords can be used in any way by the attacker,” Andrew Miklas, CTO of PagerDuty, wrote in a notification posted to the website. “The calendar feed URLs provide users with a read-only calendar of when they are on-call.”
Source: pagerduty.com, “Important Security Announcement From PagerDuty,” July 30, 2015.