Web tracking and analytics company New Relic has issued a sparse security advisory warning customers that they’re experiencing something terrifying.
“We value our New Relic community and want our customers to be aware of recent cybersecurity incidents that we are actively investigating with the support of third-party cybersecurity experts.” recommendation.
A small hint as to the nature of the incident is provided in the advisory, “Please remain vigilant and monitor your account for suspicious activity,” possibly indicating an account compromise.
No further details have been released.
In fact, emails sent and shared with customers include register CEO Bill Staples, a kind reader, began by reiterating, “We value you being a part of the New Relic community,” and then added, “We are committed to investigating and addressing this incident 24/7. I’m working on it on a time schedule,” he asserted.
register Due to the lack of information provided regarding this incident, it is unclear how well New Relic evaluates the community.
“Customers will be contacted directly if special accommodations are required,” the advisory states. “To be clear, if you do not hear from us, there is no action to take at this time.” An email from Staples said similar language.
But both communiqués ask: Do you need to assign someone to repeatedly click “Download new messages” in their favorite email client to ensure they don’t miss any important information security advice, or should you just relax? There are no details provided to help customers understand why they can wait several days.
For readers in the US who are embarking on the Thanksgiving long weekend, this approach may be stomach-churning – Sensation register I understand that it is a holiday tradition in many families.
But I digress.
register When we reached out to New Relic for comment, they said, “This is an ongoing investigation, and the information we know and can share is included in our security bulletin.”
Our questions included when analysts learned of the incident, whether customer data was accessed, how the incident was discovered, the identity of third-party cyber experts who assisted in the investigation, and the timing of the announcement. I couldn’t answer. We also asked if all New Relic customers worldwide are at risk, or if the issue is limited to a specific country.
I didn’t get an answer.
register Agents outside the United States will be monitoring the incident while their colleagues in the United States endure a turkey coma. ®