BitDefender hacked, unencrypted customer information compromised; hacker demands ransom from the AV firm in return for the exploit and the stolen database.
BitDefender, one of the world's leading anti-virus vendors, has been hacked by a hacker going by the name DetoxRansome. The hacker claims to have access to BitDefender customer information, including passwords, and says BitDefender stored those passwords unencrypted.
As proof of the hack, the hacker has already exposed 250 BitDefender customer usernames and passwords, and claims the stolen logins were being held unencrypted on Amazon cloud servers. It is believed that less than one percent of BitDefender's accounts have been compromised.
“The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring,” explains a spokesperson from BitDefender. “As an extra precaution, a password reset notice was sent to all potentially affected customers.”
“Our investigation revealed no other server or services were impacted,” he added.
In an email, DetoxRansome said they had taken control of two BitDefender cloud servers and “got all logins”. “Yes they were unencrypted, I can prove it… they were using Amazon Elastic Web cloud which is notorious for SSL [a form of web encryption] problems.” There was no evidence that Amazon Web Services, which runs the Elastic Compute Cloud (EC2) that DetoxRansome was referring to, was at fault. Under AWS's shared-responsibility model, Amazon secures the underlying cloud infrastructure, while the customer is responsible for securing what it runs on that infrastructure, including its applications and how it stores its data.
Whilst it doesn't seem a huge amount of data was taken, it is concerning that a hacker was able to grab unencrypted usernames and passwords from a security company. A copied credential store should not yield working logins at all: passwords are expected to be kept only as salted, deliberately slow hashes, so that even someone who obtains the database has to crack each one rather than simply read it.
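The contrast drawn above, as an added example that is not code from the original article or from BitDefender: a credential store that keeps passwords as submitted (the failure mode described in the report) next to one that keeps only a per-user salt and a memory-hard scrypt digest. The user names, passwords and in-memory "database" are constructed for the illustration; scrypt parameters are a reasonable assumed baseline, not values taken from the page.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt work factors (hashlib.scrypt is in the standard library on
# Python 3.6+ built against OpenSSL 1.1+). N=2**14, r=8 costs about 16 MiB of
# memory per derivation, which is what makes offline guessing expensive.
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32
SALT_LEN = 16


def store_plaintext(db, username, password):
    """Weak pattern: the credential itself is written to the store.

    Anyone who copies the store (or reads it over an unprotected channel)
    gets a directly reusable login.
    """
    db[username] = {"password": password}
    return db[username]


def derive(password, salt):
    """Memory-hard key derivation; only this digest is ever persisted."""
    return hashlib.scrypt(
        password.encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN,
    )


def store_hashed(db, username, password):
    """Hardened pattern: random per-user salt plus scrypt digest, no password."""
    salt = secrets.token_bytes(SALT_LEN)
    db[username] = {"salt": salt, "hash": derive(password, salt)}
    return db[username]


def verify(db, username, password):
    """Check a login attempt against the hardened store."""
    record = db.get(username)
    if record is None:
        # Spend the same work for an unknown user so response time does not
        # reveal which user names exist.
        derive(password, b"\x00" * SALT_LEN)
        return False
    # Constant-time comparison avoids leaking how many digest bytes matched.
    return hmac.compare_digest(record["hash"], derive(password, record["salt"]))


def leaked_credentials(db):
    """What an attacker who copies the store can reuse immediately.

    Returns the username -> password pairs stored in the clear; a store
    holding only salted digests contributes nothing.
    """
    return {user: rec["password"] for user, rec in db.items() if "password" in rec}


if __name__ == "__main__":
    # Constructed sample accounts (not real data).
    weak, hardened = {}, {}
    for user, pw in [("alice", "hunter2"), ("bob", "correct horse battery staple")]:
        store_plaintext(weak, user, pw)
        store_hashed(hardened, user, pw)

    print("reusable from plaintext store:", leaked_credentials(weak))
    print("reusable from hashed store:   ", leaked_credentials(hardened))
    print("alice/hunter2 accepted:", verify(hardened, "alice", "hunter2"))
    print("alice/hunter3 accepted:", verify(hardened, "alice", "hunter3"))
```

Note that encrypting the plaintext store at rest would not have been the right fix either: the application still needs the key to read it, so whoever controls the server controls the passwords. Hashing removes the recoverable secret entirely, and the salt ensures two users with the same password produce different digests, defeating precomputed tables.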
Researchers and hackers have proven security firms vulnerable repeatedly in recent months. This year saw Russian anti-virus firm Kaspersky breached, though it believes government-sponsored hackers were responsible as part of a surveillance operation, not criminals after money. There were claims Israel and US intelligence agents may have been involved.
Documents leaked by Edward Snowden also showed the NSA had targeted a large number of anti-virus companies, including BitDefender. Days after that revelation, a Google researcher detailed holes in ESET anti-virus.
Hacking Team, a provider of spyware for law enforcement, was also breached. It appeared the individual responsible was an activist hoping to expose the Italian company and its history of selling to regimes with questionable records on human rights issues.
If it’s not clear already, even security providers are vulnerable to compromise, whatever the motivation of the attackers.