IT Glue Update Regarding VSA Security Incident
BY IT GLUE | July 02, 2021
Beginning around mid-day (EST/US) on Friday, July 02, 2021, Kaseya’s Incident Response team learned of a potential security incident involving our VSA software.
- We’d like to emphasize IT Glue Data Centers, infrastructure, and development systems are independent of VSA’s and in no way affected by this incident. IT Glue infrastructure is not managed or monitored by VSA. If you work with a service provider or vendor that has disabled the IT Glue integration, kindly contact them to restore the integration connection.
- Following the extreme cautionary guidance of the Kaseya Incident Response team, IT Glue revoked all user OAuth tokens to ensure any VSA systems pulling data from the IT Glue API must re-authenticate using username, password, and MFA (see Kb article for reference).
Our VSA team took swift actions to protect all customers:
- We immediately shut down our SaaS servers as a precautionary measure, even with no reports of compromise from any SaaS or hosted customers;
- We immediately notified our on-premises customers via email, in-product notices, and phone to shut down their VSA servers to prevent them from being compromised.
The VSA team then followed an established incident response process to determine the scope of the incident and the extent to which the customers were affected.
- We deployed our internal incident response team and leading industry experts in forensic investigations to help determine the root cause of the issue;
- Notified law enforcement and the US government cybersecurity agencies, including the FBI and CISA
Updates on the incident can be viewed on the Kaseya site here: Update Regarding VSA Security Incident | Kaseya