A portion of customer data from much-respected anti-virus firm BitDefender has leaked online and, according to the hacker who took the data and tried to extort the firm, usernames and passwords were not encrypted.
The perpetrator told FORBES all the data he stole was unencrypted. Usernames and passwords seen by your reporter were in plain text and would have been difficult to crack if previously encrypted, given the quality of the passwords. Law enforcement have been called in and an investigation is underway.
The Romanian security company said in an emailed statement it found a potential security issue with a server and determined a single application was targeted - a component of its public cloud offering. The attack did not penetrate the server, but "a vulnerability potentially enabled exposure of a few user accounts and passwords". The attack leaked a "very limited" number of usernames and passwords, representing "less than one per cent of our SMB customers", the spokesperson said.
"The issue was immediately resolved, and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers," the spokesperson added. "This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted."
Read more at FORBES