Hacker bites Datadog, finds hard-to-chew bcrypt passwords

Customers told to reset creds even though no leg-lifting password spray has wet the net

Software as a service monitoring platform Datadog, used by the likes of Facebook, Salesforce, and Citrix, has been breached and therefore suggested strongly that customers reset their passwords.

The company says attackers hit multiple servers Friday including production servers, and a database of user credentials.

Other customers of the popular tech firm include Spotify, The New York Times, and Samsung.

At least one user has detected unsuccessful attempts to use Amazon Web Services credentials shared with the breached service.

Datadog chief security officer Andrew Becherer says affected passwords are stored using bcrypt with a unique salt making it one of the strongest ways to keep the credentials and slow decryption efforts.

"We have detected unauthorised activity associated with a handful of production infrastructure servers, including a database that stores user credentials," Becherer says.

"A user also has reported unsuccessful attempts to use AWS credentials shared with Datadog.

"To err on the side of caution, we are recommending revocation of all credentials shared with Datadog."

"Datadog is currently operational. We have rebuilt all identified compromised systems and additional infrastructure. Any known vulnerabilities have been mitigated."

The company says it will provide more information about the breach after external incident response and forensics wonks have completed their analysis.

Amazon Web Services users are "strongly encouraged" to use Identity and Access Management Role Delegation which prevents the sharing of security credentials between accounts.

"... we apologise for the inconvenience and extra work this represents, and are committed to assist you through this process," Becherer says. ®


Biting the hand that feeds IT © 1998–2017