BeyondTrust Discloses Data Breach Details - 20250203001

Overview

BeyondTrust has issued an advisory relating to a security incident that involved 17 Remote Support SaaS customers, originally identified in December 2024. Further analysis identified a BeyondTrust infrastructure API key for Remote Support SaaS had been compromised and used to enable access to certain Remote Support SaaS instances by resetting local application passwords.

BeyondTrust have stated that no products outside of Remote Support SaaS were affected.

Recommendation

The WA SOC recommends administrators perform the following:

• BeyondTrust Advisory: https://www.beyondtrust.com/remote-support-saas-service-security-investigation
• Review the 'Indicators of Compromise (IoC)' section to perform scoping of any potentially related activity,
• Review the 'Recommended Best Practices for Customers' section for relevant information.