LogicMonitor customers hit by data breach following poor password policy
Default passwords were weak and LogicMonitor customers got hurt
A number of clients of LogicMonitor, the cloud-based infrastructure monitoring platform, suffered a data breach, with the finger of blame pointed at the company.
Speakingg to TechCrunch, one of the victims (under the condition of full anonymity), noted their organization was breached because the passwords LogicMonitor assigned them during the initial setup were weak and have never been changed.
“When you set up an account with [LogicMonitor], they define a default password and all user accounts for your organization/account are made with that password,” the source said. “They also didn’t require the changes, nor were they temporary passwords, until this week. Now the setup password lasts 30 days and must be changed on first login.”
Reader Offer: Save up to 68% on Aura identity theft protection
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal. Save up to 50% today.
Preferred partner (What does this mean?)
Temporary passwords
LogicMonitor confirmed the incident, with the company’s spokesperson claiming a handful of clients fell victim:
“We are currently addressing a security incident that has affected a small number of our customers. We are in direct communication and working closely with those customers to take appropriate measures to mitigate impact,” said LogicMonitor’s spokesperson, Jesica Church.
The customers told the press that LogicMonitor reached out to notify them of the incident, and to warn them that the breach could result in a ransomware attack. No additional details were available at the moment, so we don’t know who the threat actor behind the attack is, or what their motives are.
According to figures from the LATKA SaaS database, LogicMonitor has had $61.2 million in revenue this year, with an employee base of more than 1,100 people. Its website says that it monitors “800 billion metrics” a day, across three million devices, and that it has more than 100,000 software users in 30 countries around the world.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
- Check out our list of the best ID theft protection solutions around
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.