Rackspace fell victim to a cyberattack caused by a zero-day vulnerability in a third-party application, as reported by The Register. The hacking incident impacted the internal system monitoring system, leading to the temporary disablement of the monitoring panel for customers.
The monitoring system used by Rackspace, Scienceelogic, was exploited by attackers through a zero-day vulnerability in one of its components. This breach allowed hackers to access three internal Rackspace servers and some monitoring-related information.
Fortunately, the customer monitoring system’s functionality itself remained unaffected. Users only experienced temporary unavailability of the monitoring panel, while other services of the company continued to operate normally.
In a communication to customers, Rackspace disclosed that the attackers were able to obtain limited information, including names, account numbers, customer logins, internal identifiers, IP addresses of devices, and encrypted passwords for internal agents of devices. However, the company assured customers that no additional actions were required on their part.
Rackspace promptly isolated the compromised equipment, shut it down, and collaborated with Scienceelogic to develop and implement patches to address the vulnerabilities. Scienceelogic also notified its customers and released an update to mitigate the risk. The name of the vulnerable software was not disclosed by the company to prevent further risks.
This incident marks the second time Rackspace has been targeted using a zero-day vulnerability, following a previous attack in December 2022 when its customer email service was compromised due to an infection in the Microsoft Exchange hosting program. The losses incurred from that incident were approximately $11 million.