Skip links

New Relic warns customers it’s experienced a cyber … something

Web tracking and analytics outfit New Relic has issued a scanty security advisory warning customers it has experienced a scary cyber something.

“We value our New Relic community and want to make our customers aware of a recent cyber security incident that we are working diligently to investigate with the support of third-party cyber security experts,” reads the advisory.

The tiniest hint of the incident’s nature is offered in an exhortation to “remain vigilant and monitor your account for suspicious activity” – perhaps suggesting account compromise.

No further detail has been delivered.

Indeed, in an email sent to customers and shared with The Register by a kind reader, CEO Bill Staples opened by again stating “We value that you are part of the New Relic community” before assuring “We are working around the clock to investigate and address this incident.”

The Register is uncertain how to enumerate the extent to which New Relic values its community, given the paucity of information offered about the incident.

“Customers will be directly contacted if there are any specific actions required of you,” the advisory states. “To be clear, if you do not hear from us, there is no action you need to take at this time.” The email from Staples offers similar wording.

But neither communiqué offers a scintilla of detail to help customers understand whether they need to assign someone to hit “Download New Messages” on their preferred email client repeatedly so they don’t miss important infosec advice, or can relax and wait a few days.

US-based readers about to embark on the Thanksgiving long weekend may find that approach hard to stomach – a sensation The Register understands is a holiday tradition in many households.

But we digress.

The Register asked New Relic for comment and was told “This is an ongoing investigation and the information we know and can share is in the security bulletins.”

Our questions – about when the analysts learned of the incident, whether customer data was accessed, how the incident was spotted, the identity of the third-party cyber experts assisting the probe, and the timing of the announcement – were not answered. We also asked if all New Relic customers everywhere are at risk, or if the problem is confined to a certain nation or nations.

No answer was provided.

The Register operatives outside the US will keep an eye on this one while our stateside colleagues endure turkey comas. ®

Source