Datadog, Inc. may be a fine Software-as-a-Service (SaaS) platform, but it too needs a guard dog. A recent hack has resulted in a data breach of the Datadog platform, stealing login credentials for users of all sizes.

According to NakedSecurity, the breach has impacted a few of the production servers, and at least one user has reported that outside parties have tried to use the Amazon Web Services they share with Datadog. Considering Datadog has big-name customers, such as Spotify, The New York Times, PBS, and Samsung, there are some high-value organizations that could be put at risk.

The good news is: Datadog is not slacking on security. The passwords are encrypted with bcrypt, which will take quite some time for hackers to break, giving customers time to change their passwords and security settings. Datadog also acted quickly in response to the breach, and invalidated all stored passwords.

Additionally, Datadog has reached out to customers, telling them to change their passwords, and for admin users to rotate and/or revoke any credentials stored in Datadog. Users can reset their passwords directly through the site, if they’re unsure about the legitimacy of the email they receive.

Any AWS users are encouraged to use Identity and Access Management Role Delegation, which stops security credentials from being shared between accounts. Datadog agents are also unaffected by the breach, as they’re isolated from the Datadog infrastructure.

Datadog has rebuilt any compromised systems, and is conducting a forensic investigation into the attack. In the meantime, customers should change their passwords immediately. Fortunately, thanks to a swift response and strong encryption, the damage from this breach should be minimal.

Photo by alq666