PagerDuty has alerted their customers to a security incident which is believed to have occurred on July 9th. Their blog post provides some additional information on the matter, however their disclosure is limited as they work through the investigation with authorities. Here is a snippet:
“The evidence indicates that the attacker gained access to users’ names, email addresses, hashed passwords and public calendar feed URLs.”
Based upon the provided details, Engine Yard is confident the intrusion poses no additional threat to our customers. However, it is important to consider the advice provided in their post:
- As a precaution, set new and strong passwords for your users
- Reset calendar feed URLs (guide)
- Revoke and re-add access to any mobile devices linked to your PagerDuty account (guide)
Furthermore, for any users present on PagerDuty or Engine Yard’s systems who use the same, non-unique password, we strongly recommend replacing them with unique, individual passwords instead.
For additional developments on this incident, follow the original blog post. If you have any questions or concerns pertaining to Engine Yard, please do not hesitate to open a support ticket. Any PagerDuty-related inquiries can be directed to firstname.lastname@example.org.