Technology infrastructure monitoring firm New Relic on Friday disclosed a cyber incident that impacted an internal environment.
The environment, the company said in an incident notification, hosts information related to how customers are using New Relic, as well as certain logs.
According to San Francisco-based New Relic, the attackers gained access to the environment using social engineering and stolen credentials for an employee account.
No telemetry and application data sent by customers when using the New Relic platform was hosted on the compromised system.
The company claims it has secured the environment, revoked access to the compromised employee account, and implemented additional measures to harden access controls and credential theft defenses.
New Relic also notes that its investigation uncovered no evidence of lateral movement from the compromised environment.
The company discovered that attackers had accessed certain customer accounts.
New Relic promptly reset the passwords for those accounts, removed API keys, and suspended the accounts.
The attackers, New Relic says, used stolen credentials to access those accounts, but did not acquire the credentials from the attack on its internal environment.
New Relic advises users to enable multi-factor authentication for accounts configured with SAML, SSO, and SCIM, to avoid password reuse, and to maintain a good password hygiene.
This Cyber News was published on packetstormsecurity.com. Publication date: Mon, 04 Dec 2023 13:43:04 +0000