Bitdefender Suffers Data Breach, Customer Records Stolen

screen-shot-2015-08-03-at-10-28-31.png

screen-shot-2015-08-03-at-10-28-31.png


Bitdefender  an Internet security software company originated in Romania, has become the latest cybersecurity firm to be targeted by hackers.

A cyber attacker has been able to extract customer login credentials for Bitdefender clients. An individual dubbed DetoxRansome extolled the data breach on Twitter over the weekend, taking responsibility for the attack and posting a message saying: "Guess what guys Bitdefender has been toppled by yours truly."
DetoxRansome has also demanded $15,000 from Bitdefender, threatening the leak of a customer database online unless the ransom demand is accepted.

The hacker latest released login credentials for two Bitdefender employees and one customer as proof of the corporate data theft.

In a blog post, security researchers Travis Doering and Dan McPeake say the hacker was willing to sell Bitdefender data including "access to all usernames and passwords persistently to their (Bitdefender) flagship products." The cyber attacker then posted a sample of some of the stolen data, including plain text username and matching passwords for over 250 accounts, which the company confirmed as accounts in active use.
Bitdefender admitted a security breach has taken place, but insisted that "less than one percent" of its small to medium-sized businesses were affected -- and no consumer or enterprise clients will suffer due to the data breach.
The attack occurred through a "security issue with a single server," according to Bitdefender.
A single application exposed a "very limited number" of customer login credentials through public cloud services. The vulnerability did not allow for database penetration; rather, "a vulnerability potentially enabled exposure of a few user accounts and passwords," Bitdefender says.
Bitdefender has not given in to the hacker's demands and is currently working with law enforcement to investigate the issue. A Bitdefender spokesperson told The Register:
"The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset, notice was sent to all potentially affected customers. Our investigation revealed no other server or services were impacted. Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness."

In June, cybersecurity firm Kaspersky Lab became the victim of a cyberattack deemed "almost invisible" and extremely difficult to detect. The company believes the attack was carried out by the same group that was behind the 2011 Duqu attack, and was likely state-sponsored.
ZDNet: http://zd.net/1IGGBeB

 

« Cyber Attacks on the Power Grid
Legal Issues Of Cyber War Are Big & Complex »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BruCON

BruCON

Brucon is Belgiums premium security and hacking conference.

Gigamon

Gigamon

Gigamon provides intelligent Traffic Visability solutions that provide unmatched visbility into physical & birtual networks without affecting the performance or stability of production environments.

Qualitèsoft Technology

Qualitèsoft Technology

Qualitèsoft Technology is a leading Software Development and Quality Assurance organization. We specialize in Custom Development, Mobile Application, Software Testing and Quality Assurance.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

ECS

ECS

ECS is a leading information technology provider delivering cloud, cybersecurity, software development, IT modernization, and advanced science and engineering services.

NeuroChain

NeuroChain

NeuroChain is an intelligent ecosystem that is more secure, more reliable and much faster than blockchain.

MOXFIVE

MOXFIVE

MOXFIVE is a specialized technical advisory firm founded to bring clarity to the complexity of cyber attacks.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

Digital Beachhead

Digital Beachhead

Digital Beachhead has the expertise to provide a range of Cyber Risk Management and other Professional Services with specifically tailored solutions at competitive prices.

Boxphish

Boxphish

Boxphish provides a proven solution to reduce Human Error and Cyber Human Risk via automated learning journeys and intelligent phishing simulations.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

iVision

iVision

iVision is a technology integration and management firm that engineers success for clients through objective recommendations, process and technology expertise and best-of-breed guidance.

Cognisys Group

Cognisys Group

Cognisys provides cyber security penetration testing and compliance services from its offices in Leeds and Manchester.

Fescaro

Fescaro

FESCARO is a trusted cybersecurity partner for global automakers and their partners, helping them transition to software-defined vehicles (SDVs) with tailored automotive software solutions.

Eficens Systems

Eficens Systems

Eficens Systems is a global IT services and consulting company. We specialize in empowering businesses to harness the potential of Information Technology as a strategic asset.

Quotient

Quotient

Quotient builds digital experiences that empower and inspire the American people by understanding their needs, simplifying complex technical solutions and adapting to how they work, live and learn.