Rubrik rotates authentication keys after log server breach
Rubrik disclosed last month that one of its servers hosting log files was breached, causing the company to rotate potentially leaked authentication keys.
The company has confirmed to BleepingComputer that the breach was not a ransomware incident and that it did not receive any communication from the threat actor.
Rubrik is a cybersecurity company that specializes in data protection, backup, and recovery and has over 3,000 employees in more than 22 global offices. The company has over 6,000 customers worldwide, including high-profile companies like AMD, Adobe, PepsiCo, Home Depot, Allstate, Sephora, GSK, Honda, Harvard University, and Trellix.
In a security advisory published on February 2 and first spotted by Kevin Beaumont, Rubrik says it detected unusual activity on a server hosting their log files.
"The Rubrik Information Security Team recently discovered anomalous activity on a server that contained log files. We promptly took the server offline to mitigate the risk," reads Rubrik's security advisory.
"An investigation supported by a third party forensic partner has confirmed that the incident was isolated to this one server and we found no evidence of unauthorized access to any data we secure on behalf of our customers, or our internal code."
However, Rubrik says that a small number of log files contained access information, causing the company to rotate authentication keys out of an abundance of caution.
The company says that there are no signs that this information was misused.
Furthermore, Rubrik says their investigation has not found evidence that the threat actors gained access to customer data or their internal source code.
Rubrik previously suffered a data breach in 2023 after the company's data was stolen as part of the wide-scale Fortra GoAnywhere data theft attacks by the Clop ransomware gang.