Some customers of the network security company LogicMonitor have been hacked due to the use of default passwords, TechCrunch has learned. A LogicMonitor spokesperson confirmed to TechCrunch that there’s “a security incident” affecting some of the company’s customers.
Weak passwords expose customer accounts
The breach occurred because, until recently, LogicMonitor employed default passwords for user accounts. These passwords typically followed a pattern such as “Welcome@” accompanied by a short numerical sequence. This practice made it easier for hackers to gain unauthorized access to customer accounts and potentially launch ransomware attacks on systems being monitored by LogicMonitor.
According to sources familiar with the incident, LogicMonitor did not require users to change these default passwords or set them to expire until this week. This oversight left customers vulnerable to potential breaches and compromised system security.
In an email notification sent to one of LogicMonitor’s customers, the company alerted them to a possible breach resulting from the exposed usernames and passwords. The email emphasized the risk of a ransomware attack, should unauthorized access occur. The proactive outreach by LogicMonitor suggests an effort to address the issue promptly and protect its customers.
Ransomware attack affects one company
The consequences of the breach have already been felt by some customers. Reports indicate that a breached company lost over 400 systems due to a ransomware attack that exploited the weak default password provided by LogicMonitor. The ransomware encrypted the files on the affected systems and demanded a payment for their decryption.
The name of the breached company and the amount of the ransom have not been disclosed. It is not clear whether the company paid the ransom or recovered its data from backups. The company has not issued any public statement about the incident.
LogicMonitor responds to the incident
LogicMonitor, known for its software-as-a-service platform that offers network infrastructure visibility, monitors billions of metrics daily across millions of active devices. The company boasts over 100,000 users in 30 countries.
A spokesperson for LogicMonitor, Jesica Church, acknowledged the security incident in a statement, saying that the company is actively working with affected customers to mitigate any potential damage. However, the spokesperson did not disclose further details about the incident at this time.
LogicMonitor has reportedly changed its password policy and now requires users to change their default passwords on first login and every 30 days thereafter. The company has also advised its customers to review their account settings and enable two-factor authentication for added security.
LogicMonitor customers are urged to immediately change their default passwords to ensure their accounts remain secure. The security incident underscores the importance of implementing strong and unique passwords for all online accounts to mitigate the risk of unauthorized access and potential data breaches.
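For administrators who want to check their own accounts against the controls described above (default password changed, 30-day rotation, two-factor authentication), the following is an added example, not code from LogicMonitor or TechCrunch. The account record schema, the sample data and the number of digits allowed after "Welcome@" are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed shape of the vendor default described above: "Welcome@" plus a
# short run of digits. The digit count (1-6) and the digits coming right
# after the prefix are assumptions.
DEFAULT_PATTERN = re.compile(r"Welcome@\d{1,6}", re.IGNORECASE)
MAX_PASSWORD_AGE = timedelta(days=30)  # rotation interval reported in the article


def is_vendor_default(candidate: str) -> bool:
    """Deny rule for a password-change form: reject the default pattern."""
    return DEFAULT_PATTERN.fullmatch(candidate) is not None


def audit_account(acct: dict, now: datetime) -> list[str]:
    """Return the findings for one account record (hypothetical schema)."""
    findings = []
    if acct["password_changed_at"] <= acct["created_at"]:
        findings.append("password never changed since provisioning")
    if now - acct["password_changed_at"] > MAX_PASSWORD_AGE:
        findings.append("password older than 30 days")
    if not acct["mfa_enabled"]:
        findings.append("two-factor authentication disabled")
    return findings


def audit(accounts: list[dict], now: datetime) -> dict[str, list[str]]:
    """Map username -> findings, omitting accounts with none."""
    report = {a["username"]: audit_account(a, now) for a in accounts}
    return {user: found for user, found in report.items() if found}


# Constructed sample records, not real LogicMonitor data.
NOW = datetime(2023, 9, 1)
SAMPLE_ACCOUNTS = [
    {"username": "svc-collector", "created_at": datetime(2022, 3, 1),
     "password_changed_at": datetime(2022, 3, 1), "mfa_enabled": False},
    {"username": "alice", "created_at": datetime(2021, 6, 10),
     "password_changed_at": datetime(2023, 8, 20), "mfa_enabled": True},
    {"username": "bob", "created_at": datetime(2020, 1, 5),
     "password_changed_at": datetime(2023, 5, 2), "mfa_enabled": True},
]

if __name__ == "__main__":
    for user, findings in audit(SAMPLE_ACCOUNTS, NOW).items():
        print(f"{user}: {'; '.join(findings)}")
```

Accounts that were never rotated after provisioning are the ones to reset first, since they may still carry the issued default.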
If you are a LogicMonitor customer affected by this incident, we encourage you to reach out to us and share your experience. For secure communication, you can contact Lorenzo Franceschi-Bicchierai via Signal at +1 917 257 1382 or through Telegram and Wire at @lorenzofb. Alternatively, you can email email@example.com or use TechCrunch’s SecureDrop service for anonymous communication.