Datadog chews on data breach, AWS user credentials in leak

Multiple servers were involved in the information leak.

Datadog has admitted to becoming a victim of a data breach and has recommended that users immediately revoke and change their credentials.


Datadog provides metrics for cloud providers across services, apps, and systems, offering software-as-a-service (SaaS) which can integrate with platforms including Amazon Web Services (AWS), Microsoft Windows Azure, Google's cloud platform, and Java.

The firm's major partners include AWS, Slack, MongoDB, and Fastly.

Datadog sent an email warning users of the data breach over the weekend, asking them to reset their credentials if they had stored passwords -- with the exception of Google Auth and SAML users, who are not affected -- as well as a notice to admin users, instructing them to revoke or change credentials stored in the Datadog system.

In a security advisory posted last week, Datadog said the company detected unauthorized activity on a small number of production infrastructure servers on Friday. One of the systems involved was a database which stored user credentials.

While it is not yet known what may have been stolen and by whom, at least one user has contacted Datadog claiming that an attacker unsuccessfully attempted to use their AWS credentials, which were stored with the analytics firm.

"To err on the side of caution, we are recommending revocation of all credentials shared with Datadog," the company says. "For AWS users, Datadog supports two mechanisms of integration. As you update AWS integration credentials we strongly encourage the use of AWS IAM Role Delegation. This stronger method of AWS integration prevents the sharing of security credentials, such as access keys, between accounts."
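With role delegation, the customer creates a role whose trust policy names the account allowed to assume it, so no access key has to be stored with the vendor. The Python check below is an added example, not code from Datadog's advisory or this article, and it audits such a trust policy. The account ID, external ID and function names are constructed placeholders, and the `sts:ExternalId` condition is a standard AWS safeguard that the article does not mention.

```python
import json

# Constructed sample: trust policy on a role created for a monitoring vendor.
# Account ID and external ID are placeholders, not values from the article.
SAMPLE_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}""")

ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Extract the account ID from an account ARN or a bare 12-digit ID."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def audit_trust_policy(policy, expected_account):
    """Return findings for statements that let another account assume the role."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append(f"statement {i}: any AWS principal can assume the role")
            elif principal_account(p) != expected_account:
                findings.append(f"statement {i}: unexpected account {principal_account(p)}")
        # Only StringEquals is checked; condition keys are case-insensitive.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if aws and not any(k.lower() == "sts:externalid" for k in equals):
            findings.append(f"statement {i}: no sts:ExternalId condition")
    return findings

if __name__ == "__main__":
    for finding in audit_trust_policy(SAMPLE_TRUST_POLICY, "111122223333") or ["ok"]:
        print(finding)
```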

The company has some large tech companies to keep happy, and thankfully, it seems that Datadog's security has prevented the data breach from becoming catastrophic.

Datadog chief security officer Andrew Bechere said that passwords are stored using bcrypt with a unique salt, which makes cracking the credentials very difficult and time-consuming and gives clients plenty of time to change their credentials and protect their data.

According to the company, "known" vulnerabilities which may have prompted the breach have been patched and both compromised systems and infrastructure have been repaired. Datadog is also quick to note that any Datadog agents running on client servers are not affected by the information leak.

The company is still trying to work out exactly what happened and has promised that a more substantial post-mortem and plan will follow.