Rackspace Hit by Zero-Day Attack, Customer Data Exposed

Rackspace suffered a cyberattack due to a zero-day vulnerability in a third-party application. The breach impacted the internal performance monitoring system, leading to a temporary shutdown of the customer monitoring dashboard.

Rackspace had been using ScienceLogic software for monitoring, and attackers were able to exploit a zero-day flaw in one of the program’s components. As a result, the hackers gained access to three internal Rackspace servers and some monitoring-related information.

However, the core functionality of the customer monitoring system remained unaffected. The only impact on users was the temporary unavailability of the monitoring dashboard, while the company’s other services continued to operate without disruption.

In a letter sent to clients, Rackspace disclosed that the attackers accessed limited information, including names and account numbers, client logins, internal identifiers, IP addresses of devices, and encrypted passwords for internal device agents. The company emphasized that no further action was required from clients.

Rackspace immediately isolated and decommissioned the compromised equipment, and in collaboration with ScienceLogic, developed and deployed a patch to address the vulnerability. ScienceLogic also notified its clients and released an update to mitigate the threat. However, the company has withheld the name of the vulnerable software to prevent additional risks.

Previously, in December 2022, Rackspace had also fallen victim to a zero-day attack, which disrupted email services for clients due to the infection of its Microsoft Exchange hosting with ransomware. The losses from that incident amounted to approximately $11 million.