Data Breach on Datadog Servers, Customers Asked to Change Passwords

By | July 11, 2016


Datadog, the software-as-a-service monitoring and analytics platform company, has faced a massive attack on its servers. In this attack, hackers breached its servers and a user credential database. Datadog, whose high-profile clients include Facebook, Spotify, Citrix and others, has strongly suggested that customers initiate password resets to err on the side of caution.

Datadog's Chief Security Officer, Andrew Becherer, confirmed the breach in a blog post:

Last night we sent email notifications regarding a security incident that took place within our server infrastructure on 2016-07-08. While our team is working on the technical and forensics aspects of the incident response, we want to be fully transparent with you regarding our current status and help you protect your own infrastructure. You’ll find answers to some of the questions you may have below. Again, we apologize for the inconvenience and extra work this represents, and are committed to assist you through this process.

“We have detected unauthorized activity associated with a handful of production infrastructure servers, including a database that stores user credentials. We strongly recommend that you immediately revoke or rotate any credentials in use in your Datadog account as described in our email.”

The company has sent two emails to its customers:

  1. A password reset notice that was sent to all users with a stored password (Google Auth and SAML users aren’t affected)
  2. A security notice that was sent to all admin users, instructing them to rotate / revoke credentials stored in Datadog.

If you have any concerns about the legitimacy of any email you have received from Datadog, know that you can reset your password by directly visiting our site at https://app.datadoghq.com.

Any Datadog agents running on your servers are not affected by this incident. They were designed to never receive any data or code from our servers. They are also isolated from our own infrastructure, only ever communicating outbound from your instances to us via HTTPS. Our agents do not send local credentials to Datadog servers for storage.
