Skip to main content

Datadog security breach leaks AWS user credentials

Monitoring and analytics firm Datadog has admitted to falling victim to a data breach and is recommending that all of its users change their passwords immediately.

The firm provides cloud metrics for cloud providers across a variety of services, apps and systems while offering a software-as-a-service (SaaS) that can easily integrate with Amazon Web Services (AWS), Microsoft Azure, Java and Google's cloud platform. Though Datadog's major partners are AWS, Slack, MongoDB and Fastly.

The firm sent out an email over the weekend in which it warned its users of data breach and recommended they change their passwords if they had been stored on the site. Google Auth and SAML users do not need to do so as they were unaffected by the breach. Datadog also sent a notice to admin users telling them to revoke or change any credentials stored in its system.

The firm put out a security advisory after detecting unauthorised activity on a few production infrastructure servers on Friday. One of the systems that was breached housed a database that stored user credentials.

The full extent of the hack is unknown at this time but one user contacted Datadog after an attacker attempted to use their AWS login credentials unsuccessfully.

The company further explained its reasoning, saying: “To err on the side of caution, we are recommending revocation of all credentials shared with Datadog. For AWS users, Datadog supports two mechanisms of integration. As you update AWS integration credentials we strongly encourage the use of AWS IAM Role Delegation. This stronger method of AWS integration prevents the sharing of security credentials, such as access keys, between accounts.”

Datadog's security team has done an excellent job in mitigating what could have been a catastrophic breach.

Its chief security officer, Andrew Bechere has also let users know that passwords stored on the site are done so using bcrypt with a unique salt which will make it difficult and time consuming for cybercriminals to access them, giving Datadog users ample time to update their credentials.

Image Credit: wk1003mike / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.