Security News > 2020 > May > Search Company Algolia Hacked via Recent Salt Vulnerabilities
A couple of Salt vulnerabilities addressed last week were abused over the weekend to hack Algolia's infrastructure, the search-as-a-service startup revealed.
An open-source configuration tool designed for monitoring and updating the state of servers deployed in datacenters and in the cloud, Salt was recently found to be impacted by two issues that could allow attackers to execute arbitrary commands.
U.S. startup Algolia, which offers a web search product through a SaaS model to more than 9,000 customers, this week revealed that it too was hit via the Salt vulnerability over the weekend.
During the incident, Algolia says, roughly 2% of its servers were impacted by a search downtime longer than 5 minutes, and less than 1% were impacted by a search downtime longer than 10 minutes.
"We must reinforce how critical it is that all Salt users patch their systems and follow the guidance we have provided outlining steps for remediation and best practices for Salt environment security. It is equally important to upgrade to latest versions of the platform and register with support for future awareness of any possible issues and remediations," Peay also said.