Bitdefender Suffers Data Breach, Customer Records Stolen

screen-shot-2015-08-03-at-10-28-31.png

screen-shot-2015-08-03-at-10-28-31.png


Bitdefender  an Internet security software company originated in Romania, has become the latest cybersecurity firm to be targeted by hackers.

A cyber attacker has been able to extract customer login credentials for Bitdefender clients. An individual dubbed DetoxRansome extolled the data breach on Twitter over the weekend, taking responsibility for the attack and posting a message saying: "Guess what guys Bitdefender has been toppled by yours truly."
DetoxRansome has also demanded $15,000 from Bitdefender, threatening the leak of a customer database online unless the ransom demand is accepted.

The hacker latest released login credentials for two Bitdefender employees and one customer as proof of the corporate data theft.

In a blog post, security researchers Travis Doering and Dan McPeake say the hacker was willing to sell Bitdefender data including "access to all usernames and passwords persistently to their (Bitdefender) flagship products." The cyber attacker then posted a sample of some of the stolen data, including plain text username and matching passwords for over 250 accounts, which the company confirmed as accounts in active use.
Bitdefender admitted a security breach has taken place, but insisted that "less than one percent" of its small to medium-sized businesses were affected -- and no consumer or enterprise clients will suffer due to the data breach.
The attack occurred through a "security issue with a single server," according to Bitdefender.
A single application exposed a "very limited number" of customer login credentials through public cloud services. The vulnerability did not allow for database penetration; rather, "a vulnerability potentially enabled exposure of a few user accounts and passwords," Bitdefender says.
Bitdefender has not given in to the hacker's demands and is currently working with law enforcement to investigate the issue. A Bitdefender spokesperson told The Register:
"The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset, notice was sent to all potentially affected customers. Our investigation revealed no other server or services were impacted. Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness."

In June, cybersecurity firm Kaspersky Lab became the victim of a cyberattack deemed "almost invisible" and extremely difficult to detect. The company believes the attack was carried out by the same group that was behind the 2011 Duqu attack, and was likely state-sponsored.
ZDNet: http://zd.net/1IGGBeB

 

« Cyber Attacks on the Power Grid
Legal Issues Of Cyber War Are Big & Complex »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CTERA Networks

CTERA Networks

CTERA provides cloud storage solutions that enable service providers and enterprises to launch managed storage, backup, file sharing and mobile collaboration services using a single platform.

GovCERT Austria

GovCERT Austria

GovCERT Austria is the Austrian Government Computer Emergency Response Team. Its constituency consists of Austria's public administration.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

Sistem Integra (SISB)

Sistem Integra (SISB)

SISB provide IT Security Infrastructure & Development, Mechanical & Electrical Services, Fire Safety & Detection Services, Facilities Management & Application Development.

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

SHIELD

SHIELD

SHIELD are the world’s leading cybersecurity company specializing in cyber fraud and identity solutions.

Apptega

Apptega

Apptega is an award-Winning Cybersecurity and Compliance Platform. Our mission is to make cybersecurity and compliance easy for everyone.

Integris

Integris

Integris offers best-in-class services like dedicated vCIOs, specialized security and compliance advisory services, a 24/7 help desk, and more.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Keytos

Keytos

Keytos has revolutionized the Identity Management and PKI industry by creating cryptographic tools that allow you to go password-less by making security transparent to the user.

iomart Group

iomart Group

iomart is a cloud computing and IT managed services business providing secure hybrid cloud, network connectivity, data management, and digital workplace capability.

Mindcore Technologies

Mindcore Technologies

Mindcore provide cyber security services, managed IT services and IT consulting services to businesses in NJ, FL, and throughout the United States.

Autobahn Security

Autobahn Security

Autobahn Security is a growing team of 80+ experts from 25+ nationalities, established in 5 countries. We’re working hard to make Autobahn Security the No. 1 solution for improved hacking-resilience.

BioID

BioID

BioID are a German company offering deepfake detection, liveness detection, facial authentication & identity verification as a Service. 

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.