The team behind Datadog, a widely used SaaS-based monitoring and analytics platform for IT infrastructure, operations and development teams, announced on Friday that they had suffered a breach.
“We have detected unauthorized activity associated with a handful of production infrastructure servers, including a database that stores user credentials. A user also has reported unsuccessful attempts to use AWS credentials shared with Datadog,” the company’s CSO Andrew Becherer explained in a security notice published on the company blog.
Users and admin users were notified of the incident by email the day before the breach was made public, and were urged to revoke or rotate any credentials in use in their account.
Becherer says that the potentially compromised passwords were stored using bcrypt with a unique salt, but have all been invalidated just in case.
“Datadog is currently operational. We have rebuilt all identified compromised systems and additional infrastructure. Any known vulnerabilities have been mitigated,” he added, and assured users that any Datadog agents running on their servers have not been affected by this incident, and are not designed to receive data or code from Datadog’s servers.
More details about the attack will be provided once the company and the third-party incident response and forensics experts called in to investigate manage to piece together how it happened. The results of the investigation will be used to improve security measures.
Datadog serves thousands of customers around the world, including Facebook, Salesforce, Spotify and Netflix. Its agent for gathering metrics and events can collect performance data from a wide range of systems, apps and services.