Bitdefender held to ransom by data thief
Cyber-sec firm’s cloud service compromised, unencrypted usernames, passwords dumped
Romanian cyber security firm Bitdefender has found itself the victim of data theft, according to Forbes, which claimed to have had contact with the hacker responsible.
The attacker, known as DetoxRansome, tried to extort Bitdefender, publishing a portion of the stolen trove online and threatening to dump the rest if the firm did not pay a ransom of $15,000.
Forbes also claimed the blackmailer shared samples of the stolen data and that usernames and passwords were not encrypted. The passwords were strong, according to the report, and would have been difficult to crack.
Bitdefender admitted to the breach in an emailed statement, but insisted "a vulnerability potentially enabled exposure of a few user accounts and passwords" rather than the host server. The vulnerability reportedly lay in Bitdefender's public cloud service and affected "less than 1% of our SMB customers".
"The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring," the statement read. "As an extra precaution, a password reset notice was sent to all potentially affected customers. This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted."
Bitdefender said it was unable to provide more information because a police investigation was underway, but Forbes claimed some of the customers operated .gov domains.
An email from DetoxRansome claimed two Bitdefender cloud servers were compromised and the attacker said they had "got all logins".
"Yes they were unencrypted, I can prove it... they were using Amazon Elastic Web cloud, which is notorious for SSL [Secure Sockets Layer] problems."
Forbes said there was "no evidence" Amazon Web Services' Elastic Compute Cloud was at fault.