Oh the irony never fails to amuse, an Anti Virus company who boast on keeping customers safe from online threats, have themselves falling victim to a hack. Kaspersky discovered a bot within their system and now so has Bit Defender, who have admitted to being hacked.
Bit Defenders security policy will be under heavy criticism after the hacker going by the name of DetoxRansome, claims to have access to the Bit Defender customer information which allegedly includes passwords. The hacker also claims this information has been stored in an unencrypted format by the antivirus giant.
Bit Defender have responded and stated that a “potential security issue with a server and determined a single application was targeted within a component of its public cloud offering” The company have also responded to the amount of data which might have been leaked by stating that, “exposure of a few user accounts and passwords is very limited and it represents less than one percent of our SMB customers”
There are reports that the hacker has demanded Bit Defender pay a ransom of $15,000, or see all the information dumped online. As noted by news sources, the hacker looks as if they have dumped around 250 customers usernames and passwords onto the web. Among the names were extensions belonging to .gov, which indicates government customers might have been affected.
The Hackers version is the following “We had taken control of two BitDefender cloud servers and got all logins. Yes, they were unencrypted, I can prove it… they were using Amazon Elastic Web cloud which is notorious for SSL [a form of web encryption] problems.”
The level of severity depends on which version you believe, either Bit Defender have only comprised a reported 1% of data or the whole lot. One thing looks apparent, for the love of god, why oh why did they not encrypt sensitive information, if a company offers cloud storage then this has to be secure, or as near as.
In a corporate world as consumers you receive corporate promises, looks excellent on the outside, dig deeper and your logins might be on the open web. Only time will tell to the extent with which Bit Defender have been compromised, let’s hope this is an alarm call to change practises when storing sensitive information online, or not as the case all too often is.
Original Bit Defender logo courtesy of dev0blog
Thank You Forbes for providing us with this information