Anti-Virus Company Admits Breach, Hacker Claims Stolen Passwords

A portion of customer data from much-respected anti-virus firm BitDefender has leaked online and, according to the hacker who took the data and tried to extort the firm, usernames and passwords were not encrypted.

The perpetrator told FORBES all the data he stole was unencrypted. Usernames and passwords seen by your reporter were in plain text; had they been stored as salted one-way hashes, the standard practice for credential storage, they would have been difficult to crack, given the quality of the passwords. Law enforcement has been called in and an investigation is underway.
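To show concretely why a plain-text dump is a different animal from a dump of properly stored credentials, here is an added example (not code from the article, from BitDefender or from the hacker) in Python. It stores the same constructed users two ways, plain text and salted PBKDF2-HMAC-SHA256, then runs a toy offline guessing attack against each dump. The users, passwords and wordlist are made up for the illustration.

```python
"""Plaintext versus salted-hash credential storage, with a toy offline
guessing attack against each kind of leaked store.

Added example: every user, password and wordlist entry here is constructed
for illustration and is not data from the breach described above.
"""
import hashlib
import hmac
import os

# OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.
DEFAULT_ITERATIONS = 600_000


def store_plaintext(username, password):
    """The weak form: the record *is* the secret. Anyone holding the dump
    holds every password without doing any work."""
    return {"user": username, "scheme": "plaintext", "password": password}


def store_hashed(username, password, iterations=DEFAULT_ITERATIONS):
    """Salted, iterated one-way hash. A fresh per-user salt means no
    precomputed table serves more than one account, and the iteration count
    makes every single guess cost `iterations` HMAC computations."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {
        "user": username,
        "scheme": "pbkdf2_sha256",
        "iterations": iterations,
        "salt": salt.hex(),
        "hash": digest.hex(),
    }


def verify(record, candidate):
    """Check a login attempt against either record type. hmac.compare_digest
    is used so the comparison does not leak, via timing, how many leading
    bytes of the candidate matched."""
    if record["scheme"] == "plaintext":
        return hmac.compare_digest(record["password"].encode("utf-8"),
                                   candidate.encode("utf-8"))
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def crack_dump(records, wordlist):
    """Offline attack on a leaked credential store.

    Returns ({user: recovered_password}, number_of_guesses_computed). For a
    plaintext record the attacker just reads the password; for a hashed
    record each guess is one full PBKDF2 run with that user's salt, and a
    password absent from the wordlist is not recovered at all.
    """
    recovered = {}
    guesses = 0
    for record in records:
        if record["scheme"] == "plaintext":
            recovered[record["user"]] = record["password"]  # nothing to crack
            continue
        for guess in wordlist:
            guesses += 1
            if verify(record, guess):
                recovered[record["user"]] = guess
                break
    return recovered, guesses


if __name__ == "__main__":
    # Constructed sample data, not leaked data.
    users = {"alice@example.gov": "correct horse battery staple",
             "bob@example.com": "password123"}
    wordlist = ["123456", "password", "password123", "letmein"]

    plain_dump = [store_plaintext(u, p) for u, p in users.items()]
    hashed_dump = [store_hashed(u, p, iterations=20_000) for u, p in users.items()]

    print("plaintext dump :", crack_dump(plain_dump, wordlist))
    print("hashed dump    :", crack_dump(hashed_dump, wordlist))
```

Against the plaintext dump the attacker recovers every account for zero guesses. Against the hashed dump only the account whose password is in the wordlist falls, and only after paying the full work factor for each guess against that user's own salt; the strong passphrase is never recovered. The iteration count is lowered to 20,000 in the demo purely to keep it quick; a deployment should use the default.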
The Romanian security company said in an emailed statement it found a potential security issue with a server and determined a single application was targeted – a component of its public cloud offering. The attack did not penetrate the server, but “a vulnerability potentially enabled exposure of a few user accounts and passwords”. The attack leaked a “very limited” number of usernames and passwords, representing “less than one per cent of our SMB customers”, the spokesperson said.
“The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers,” the spokesperson added. “This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.”
As noted by blog Hacker Film, last Friday DetoxRansome had demanded BitDefender pay $15,000 or see its customer database leaked. Over the weekend, the hacker dumped some data online, which appeared to contain more than 250 customers’ usernames and passwords. Some emails had .gov domain extensions, indicating government customers were affected. FORBES understands the ransom was not paid, whilst BitDefender could not offer any more details due to the ongoing police investigation.
In an email, DetoxRansome said they had taken control of two BitDefender cloud servers and “got all logins”. “Yes they were unencrypted, I can prove it… they were using Amazon Elastic Web cloud which is notorious for SSL [a form of web encryption] problems.” There was no evidence Amazon Web Services, which runs the Elastic Compute Cloud (EC2) that DetoxRansome referred to, was at fault. Under the AWS shared responsibility model, Amazon secures the underlying infrastructure while customers are responsible for the security of what they deploy on it, including their applications and how they store credentials. Transport encryption such as SSL/TLS only protects data while it moves between browser and server; it says nothing about how an application stores passwords at rest, so credentials that appear in plain text in a dump were stored that way regardless of any SSL problem.
Whilst it doesn’t seem a huge amount of data was taken, it’s concerning that a hacker was able to grab unencrypted usernames and passwords from a security company.
Researchers and hackers have proven security firms vulnerable repeatedly in recent months. This year saw Russian anti-virus firm Kaspersky breached, though it believes government-sponsored hackers were responsible as part of a surveillance operation, not criminals after money. There were claims Israel and US intelligence agents may have been involved.
Documents leaked by Edward Snowden also showed the NSA had targeted a large number of anti-virus companies, including BitDefender. Days after that revelation, a Google researcher detailed holes in ESET anti-virus.
Hacking Team, a provider of spyware for law enforcement, was also breached. It appeared the individual responsible was an activist hoping to expose the Italian company and its history of selling to regimes with questionable records on human rights issues.
If it’s not clear already, even security providers are vulnerable to compromise, whatever the motivation of the attackers.
