Some customers of the network security company LogicMonitor have been hacked due to the use of default passwords, TechCrunch has learned.
A LogicMonitor spokesperson confirmed to TechCrunch that there’s “a security incident” affecting some of the company’s customers.
“We are currently addressing a security incident that has affected a small number of our customers. We are in direct communication and working closely with those customers to take appropriate measures to mitigate impact,” LogicMonitor’s spokesperson Jesica Church said in a statement.
The incident is due to the fact that, until recently, LogicMonitor was assigning customers default — and weak — passwords such as “Welcome@” plus a short number, according to a source at a company that was impacted by the incident, and who asked to remain anonymous as they were not authorized to speak to the press.
“When you set up an account with [LogicMonitor], they define a default password and all user accounts for your organization/account are made with that password,” the source told TechCrunch. “They also didn’t require the changes, nor were they temporary passwords, until this week. Now the setup password lasts 30 days and must be changed on first login.”
According to an email sent by one of LogicMonitor’s customers and seen by TechCrunch, “LogicMonitor had reached out to us proactively with a possible username/password breach for a few of their customers via a call, which could lead to systems that are being monitored by LogicMonitor to be compromised with a ransomware attack and henceforth this proactive reach out.”
LogicMonitor’s spokesperson said the company cannot share more details about the incident at this point.
The source said they are aware of a breached company that lost more than 400 systems due to a ransomware attack that exploited their weak default password.
LogicMonitor provides a software-as-a-service platform that gives customers visibility into their network infrastructure, including in the cloud. The company says on its official site that it “monitors 800 billion metrics per day across three million active devices,” and that “it has more than 100,000 software users across 30 different countries.”
Are you a LogicMonitor customer? Were you one of the victims of this incident? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You also can contact TechCrunch via SecureDrop.