Nytro

Anti-Virus Firm BitDefender Admits Breach


Anti-Virus Firm BitDefender Admits Breach, Hacker Claims Stolen Passwords Are Unencrypted

BitDefender, a much-respected anti-virus firm, has leaked a portion of its customers’ usernames and passwords after facing an extortion attempt by a hacker, going by the name DetoxRansome.

The perpetrator told FORBES all the data he stole was unencrypted. Usernames and passwords seen by your reporter were in plain text and would have been difficult to crack if previously encrypted, given the quality of the passwords. Law enforcement have been called in and an investigation is underway.

The Romanian security company said in an emailed statement it found a potential security issue with a server and determined a single application was targeted – a component of its public cloud offering. The attack did not penetrate the server, but “a vulnerability potentially enabled exposure of a few user accounts and passwords”. The attack leaked a “very limited” number of usernames and passwords, representing “less than one per cent of our SMB customers”, the spokesperson said.

“The issue was immediately resolved and, additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers,” the spokesperson added. “This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.”

As noted by blog Hacker Film, last Friday DetoxRansome had demanded BitDefender pay $15,000 or see its customer database leaked. Over the weekend, the hacker dumped some data online, which appeared to contain more than 250 customers’ usernames and passwords. Some emails had .gov domain extensions, indicating government customers were affected. FORBES understands the ransom was not paid, whilst BitDefender could not offer any more details due to the ongoing police investigation.

In an email, DetoxRansome said they had taken control of two BitDefender cloud servers and “got all logins”. “Yes they were unencrypted, I can prove it… they were using Amazon Elastic Web cloud which is notorious for SSL [a form of web encryption] problems.”

Whilst it doesn’t seem a huge amount of data was taken, it’s concerning a hacker was able to grab unencrypted usernames and passwords from a security company.

Researchers and hackers have proven security firms vulnerable repeatedly in recent months. This year saw Russian anti-virus firm Kaspersky breached, though it believes government-sponsored hackers were responsible as part of a surveillance operation, not criminals after money. There were claims Israel and US intelligence agents may have been involved.

Documents leaked by Edward Snowden also showed the NSA had targeted a large number of anti-virus companies, including BitDefender. Days after that revelation, a Google researcher detailed holes in ESET anti-virus.

Hacking Team, a provider of spyware for law enforcement, was also breached. It appeared the individual responsible was an activist hoping to expose the Italian company and its history of selling to regimes with questionable records on human rights issues.

If it’s not clear already, even security providers are vulnerable to compromise, whatever the motivation of the attackers.

Source: http://www.forbes.com/sites/thomasbrewster/2015/07/31/bitdefender-hacked/
