Some prospects of the community security firm LogicMonitor have been hacked attributable to using default passwords, information.killnetswitch has discovered.
A LogicMonitor spokesperson confirmed to information.killnetswitch that there’s “a security incident” affecting a few of the firm’s prospects.
“We’re at the moment addressing a security incident that has affected a small variety of our prospects. We’re in direct communication and dealing carefully with these prospects to take acceptable measures to mitigate influence,” LogicMonitor’s spokesperson Jesica Church mentioned in an announcement.
The incident is because of the truth that, till lately, LogicMonitor was assigning prospects default — and weak — passwords reminiscent of “Welcome@” plus a brief quantity, based on a supply at an organization that was impacted by the incident, and who requested to stay nameless as they weren’t approved to talk to the press.
“While you arrange an account with [LogicMonitor], they outline a default password and all person accounts on your group/account are made with that password,” the supply instructed information.killnetswitch. “In addition they didn’t require the adjustments, nor had been they momentary passwords, till this week. Now the setup password lasts 30 days and should be modified on first login.”
Based on an e mail despatched by certainly one of LogicMonitor’s prospects and seen by information.killnetswitch, “LogicMonitor had reached out to us proactively with a attainable username/password breach for just a few of their prospects by way of a name, which might result in methods which are being monitored by LogicMonitor to be compromised with a ransomware assault and henceforth this proactive attain out.”
LogicMonitor’s spokesperson mentioned the corporate can not share extra particulars concerning the incident at this level.
The supply mentioned they’re conscious of a breached firm that misplaced greater than 400 methods attributable to a ransomware assault that exploited their weak default password.
LogicMonitor supplies a software-as-a-service platform that provides prospects visibility into their community infrastructure, together with within the cloud. The corporate says on its official web site that it “screens 800 billion metrics per day throughout three million energetic gadgets,” and that “it has greater than 100,000 software program customers throughout 30 completely different nations.”
