Cloudflare says it thwarted hackers trying to access a new data center in Brazil, but has replaced hardware at the facility as a precaution.

The company has confirmed it was hacked last year as part of a larger breach of digital identity provider Okta, but says attempts to gain access to the data center’s console were unsuccessful.

Cloudflare says it stopped hackers accessing a data center – Cloudflare

In a blog post published on Thursday, the networking and security vendor said it had fallen victim to a breach over Thanksgiving weekend last year, but said no customer information was accessed.

Hackers, thought to be working on behalf of a nation state government keen to get into Cloudflare’s network, used data obtained in the Okta breach to access Cloudflare’s internal wiki, which uses Atlassian Confluence, and its bug database, which runs on Atlassian Jira, on November 14.

According to the blog, “they then returned on November 22 and established persistent access to our Atlassian server using ScriptRunner for Jira, gained access to our source code management system (which uses Atlassian Bitbucket), and tried, unsuccessfully, to access a console server that had access to the data center that Cloudflare had not yet put into production in São Paulo, Brazil.”

The hackers were using tokens stolen in the Okta attack to try and access the data center console, but these were quickly disabled by the Cloudflare security team, the company said.

To ensure the data center remains secure, Cloudflare said “equipment in the Brazil data center was returned to the manufacturers.”

The blog post states: “The manufacturers’ forensic teams examined all of our systems to ensure that no access or persistence was gained. Nothing was found, but we replaced the hardware anyway.”

Cloudflare did not elaborate on what the data center is being used for. The company offers a range of services, including its core content delivery network, which helps manage internet traffic, to customers in the South American country.