New Relic says it's been hit by some sort of cyberattack

News
By
published

A cyber-incident happened, but it's not been revealed what kind

Cyberattack
(Image credit: Cyberattack)

US-based tracking and analytics company New Relic has confirmed suffering a cyberattack, but not revealed much in the way of exactly what happened, or what the effects have been.

The news was confirmed in a security bulletin the company posted online - however this lacked any concrete information, and the company’s decision is to keep all relevant information to itself.

“We value our New Relic community and want to make our customers aware of a recent cybersecurity incident that we are working diligently to investigate with the support of third-party cybersecurity experts,” the bulletin reads. “Customers will be directly contacted if there are any specific actions required of you. To be clear, if you do not hear from us, there is no action you need to take at this time.”

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Stolen passwords?

While it’s commendable that New Relic wants to give its customers a heads-up, this lack of context will induce a sense of paranoia. We don’t know who attacked New Relic, or how. Was it malware abusing a zero-day on specific endpoints, or perhaps a brute-force attack against a poorly protected account? Was there ransomware involved? If so, did the hackers steal any valuable data? More specifically, is customer personally identifiable data (PII) compromised? We simply don’t know, and while The Register tried to get answers to these questions, the company answered that everything it has to say on this matter was said in the bulletin.

“As always, we recommend that you remain vigilant and monitor your account for suspicious activity. Additionally, we encourage you to review Security Guides for best practices as well as our Security Bulletins for updates,” New Relic concluded. “We will continue to provide relevant updates as we have more information to share.”

We can only speculate that if users should “monitor their accounts for suspicious activity” login credentials could have been stolen. Best case scenario - there won’t be any identity theft and everything will end with a few phishing attacks.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.