Bitdefender Suffers Data Breach, Customer Records Stolen

Uploaded on 2015-08-25 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

screen-shot-2015-08-03-at-10-28-31.png

screen-shot-2015-08-03-at-10-28-31.png


Bitdefender  an Internet security software company originated in Romania, has become the latest cybersecurity firm to be targeted by hackers.

A cyber attacker has been able to extract customer login credentials for Bitdefender clients. An individual dubbed DetoxRansome extolled the data breach on Twitter over the weekend, taking responsibility for the attack and posting a message saying: "Guess what guys Bitdefender has been toppled by yours truly."
DetoxRansome has also demanded $15,000 from Bitdefender, threatening the leak of a customer database online unless the ransom demand is accepted.

The hacker latest released login credentials for two Bitdefender employees and one customer as proof of the corporate data theft.

In a blog post, security researchers Travis Doering and Dan McPeake say the hacker was willing to sell Bitdefender data including "access to all usernames and passwords persistently to their (Bitdefender) flagship products." The cyber attacker then posted a sample of some of the stolen data, including plain text username and matching passwords for over 250 accounts, which the company confirmed as accounts in active use.
Bitdefender admitted a security breach has taken place, but insisted that "less than one percent" of its small to medium-sized businesses were affected -- and no consumer or enterprise clients will suffer due to the data breach.
The attack occurred through a "security issue with a single server," according to Bitdefender.
A single application exposed a "very limited number" of customer login credentials through public cloud services. The vulnerability did not allow for database penetration; rather, "a vulnerability potentially enabled exposure of a few user accounts and passwords," Bitdefender says.
Bitdefender has not given in to the hacker's demands and is currently working with law enforcement to investigate the issue. A Bitdefender spokesperson told The Register:
"The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset, notice was sent to all potentially affected customers. Our investigation revealed no other server or services were impacted. Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness."

In June, cybersecurity firm Kaspersky Lab became the victim of a cyberattack deemed "almost invisible" and extremely difficult to detect. The company believes the attack was carried out by the same group that was behind the 2011 Duqu attack, and was likely state-sponsored.
ZDNet: http://zd.net/1IGGBeB

 

« Cyber Attacks on the Power Grid
Legal Issues Of Cyber War Are Big & Complex »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

aizoOn Technology Consulting

aizoOn Technology Consulting

aizoOn is a technology consulting company offering a range of services including IoT & embedded security, mobile security, cybersecurity assessments, risk & compliance, network monitoring and more.

Morgan Lewis Law

Morgan Lewis Law

Morgan Lewis is an international law firm with offices in North America, Europe, Asia, and the Middle East. Practice areas include Privacy and Cybersecurity.

Silent Breach

Silent Breach

Silent Breach specializes in network security and digital asset protection. Services include Pentesting, Security Assessments, Incident Detection & Response, Governance Risk & Compliance.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Digital Management (DMI)

Digital Management (DMI)

DMI is a provider of mobile enterprise, business intelligence and cybersecurity services.

First Point Group (FPG)

First Point Group (FPG)

First Point Group provide a global technological recruitment service worldwide. Within that we have a specialist team of Cyber Security recruiters.

Cingo Solutions

Cingo Solutions

Cingo Solutions is a Managed Detection & Response company providing specialized data security services.

NETRIO

NETRIO

If you are looking for a highly mature, exceptionally competent Managed Service Provider, NETRIO has solutions to keep your business running at warp speed with zero disruptions.

Central Intelligence Agency (CIA)

Central Intelligence Agency (CIA)

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

Papua New Guinea National Cyber Security Centre (PNG NCSC)

Papua New Guinea National Cyber Security Centre (PNG NCSC)

PNG NCSC is a jointly funded initiative enabling PNG to benefit with the most advanced cyber protection of its critical information and communications technology infrastructure.

GISEC Global

GISEC Global

GISEC Global provides vendors and companies from around the world with access to lucrative opportunity to capitalize on what's set to become one of the world's booming markets.

Lansafe

Lansafe

Lansafe stands as a leading managed service provider in the UK, seamlessly integrating IT, Telecoms, Security, Electrical and Cyber Security solutions.

turingpoint

turingpoint

turingpoint GmbH is a tech enabled boutique consultancy. It was founded by security experts with a focus on cyber security and software solutions.

CyberSG TIG Centre

CyberSG TIG Centre

CyberSG TIG Centre aims to propel Singapore as the world’s premier cybersecurity innovation hub for economic growth.