Bitdefender (confirms) hacked and blackmailed
Posted 01 August 2015 - 01:48 AM
"Bitdefender, the critical darling in internet security, appears to have been hacked and is now embroiled in a dangerous extortion plot thats putting its over 400 million customers at risk.
Friday July 24th 2015: A Hacker going by the handle DetoxRansome (DR) first attempted to blackmail the company via Twitter, writing I want 15,000 us dollars or I leak your customer base. This message was then followed by a tweet containing login credentials for two Bit Defender staff members accounts and another one belonging to a customer."
"Reached by Travis Doering late Monday evening, Bitdefenders Marius Buterchi confirmed the hacking of accounts, and said the company was Aware of the issue and have reset the passwords for the customers whos credentials have been made public. He added They are actively investigating how these passwords were made public."
Hacker Film Blog
Posted 01 August 2015 - 03:26 PM
Another article about:
Hacker steals Bitdefender customer log-in credentials, attempts blackmailBy Lucian Constantin FollowIDG News Service | Jul 31, 2015 6:50 AM PTA hacker extracted customer log-in credentials from a server owned by Bitdefender that hosted the cloud-based management dashboards for its small and medium-size business clients.
Posted 01 August 2015 - 07:07 PM
We recently found a potential security issue with a single server. We immediately launched an investigation and found that a single application was concerned a component of the public cloud exposing a very limited number of usernames and passwords. Our investigation also revealed that the server was not penetrated, but a vulnerability potentially enabled exposure of a few user accounts and passwords.
The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers, representing less than 1 per cent of our SMB customers. This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.