One of Bitdefender’s servers has been hacked by DetoxRansome. The hacker claimed to have stolen some of the login credentials of Bitdefender’s users. He has also threatened to release the details of the users if the sum of $15,000 is not paid as ransom.
The breach has been confirmed by Bitdefender, an antivirus software provider. Bitdefender, however, claimed that the total amount of data that was leaked is less than 1 percent of its users’ data. They further stated that the login credentials that were compromised were those of accounts belonging to small to medium sized businesses. They implied that no enterprise or home client data was leaked.
Internal investigations on the cause of the breach revealed that a human error during deployment led to vulnerability in one of Bitdefender’s servers. Hence, only one of their servers was affected.
The hacker proofed his claim by posting some login details of a few Bitdefender users on Twitter. He further anonymously posted 250 other account details on another website. Many of the login details he posted were confirmed by Bitdefender to be active accounts. The hacker also displayed the dashboard of Bitdefender on www.posworks.com.au.
As per stated by Hacker Film Blog,
Travis Doering and Bitdefender were able to confirm many of them as active accounts.
The hacker said he is willing to sell the login details for eight bitcoins. He said he was able to steal the login details by sniffing on one of Bitdefender’s major servers. The hacker further sent an email to Forbes in which he claimed that the Elastic Web cloud on Amazon made it easy for him to steal the data. He also stated that he stored the passwords in clear text format.
Antivirus companies seem to be under attack since Kaspersky Antivirus labs also was attacked recently by a group known as Duqu.
The official statement from BitDefender stated that a single server was found to have a potential security issue. A probe was started immediately and an application which is part of a public cloud was found to be allowing easy access to some of its clients details.
Further probing, according to Bitdefender, also showed that the server was not breached in the actual sense. The hacker was only able to collect login details of a few users due to vulnerability. Bitdefender further stated that they were able to address the problem immediately as well as put in place more security measures to make sure it doesn’t happen again.
Image from Bitdefender website and Shutterstock.