U.S. cloud computing firm Rackspace had limited customer information from its internal web servers compromised following an attack exploiting a zero-day vulnerability impacting a third-party app used by the servers last week, according to The Register.
Threat actors leveraged the zero-day to infiltrate three of Rackspace's internal monitoring web servers with the ScienceLogic app and the third-party utility, facilitating access to customers' account names and numbers, usernames, Rackspace internally generated device IDs, device names and IP addresses, and AES256 encrypted Rackspace internal device agent credentials, a notification letter to Rackspace customers stated. Additional details regarding the third-party utility have not been provided but both Rackspace and ScienceLogic have downplayed the impact of the incident. "No other Rackspace products, platforms, solutions, or businesses were affected by this event. We have actively notified all affected customers and are updating customers as appropriate," said Rackspace.
