Threat actors leveraged the zero-day to infiltrate three of Rackspace's internal monitoring web servers with the ScienceLogic app and the third-party utility, facilitating access to customers' account names and numbers, usernames, Rackspace internally generated device IDs, device names and IP addresses, and AES256 encrypted Rackspace internal device agent credentials.
Article Link: Third-party zero-day leveraged to breach certain Rackspace servers | SC Media