Bitdefender has lost customer passwords

Friday, 31 July 2015

When a company that builds anti-virus software falls victim to cyber attacks, you start asking yourself some simple questions. The company says it is nothing serious …

We identified a potential security incident on a single server belonging to the company. We launched an internal investigation and found that a single application was targeted, a component of the public cloud, which exposed a very limited number of users and passwords.

The internal investigation revealed that the server in question was not compromised, but a vulnerability allowed the accounts of a very small number of users to be discovered.

The incident was remedied as quickly as possible, with the company taking additional security measures to prevent new ones from occurring. A notification about resetting passwords was sent to the potentially exposed customers, representing under 1% of the company's SMB portfolio. The incident did not affect home consumers or the enterprise segment.

The investigation confirmed that no other server or service was affected.

Bitdefender places the security of its customers at the top of its priorities and treats any situation that could involve customer security with the utmost seriousness and speed.

The hacker asked for some money, but it seems he didn't get it. Or, who knows …

Friday July 24th 2015: A hacker going by the handle DetoxRansome (DR) first attempted to blackmail the company via Twitter, writing “I want 15,000 us dollars or I leak your customer base”. This message was then followed by a tweet containing login credentials for two Bitdefender staff members’ accounts and another one belonging to a customer.


Saturday July 25th 2015: DetoxRansome made his second attempt to monetize Bitdefender’s freshly stolen data, as well as the exploit with which he procured it. DR posted a listing on a pastee page detailing the private sale of what he later described in an email as “access to all usernames and passwords persistently to their (Bitdefender) flagship products”. He posted a sample of some of what he had stolen, which contained the plain text usernames and matching passwords for over 250 active Bitdefender accounts. Travis Doering and Bitdefender were able to confirm many of them as active accounts. In the body of the pastee post DR also listed the following message: “This is a sample I have more, email for details of the hole (EMAIL REDACTED)”. Those words then launched an online bidding war for the stolen credentials and details of the exploit used by DR.

More details about the incident here.
