Holding a company’s own IP for ransom has occurred more frequently than people will admit, and it appears that is what happened when a hacker got into security firm BitDefender’s database.
The database contained usernames and passwords of customers of Romanian AV maker BitDefender, and the hacker tried to force the company into paying $15,000 so the information would not go public.
The two-week-old breach did result in some data being released: DetoxRansome (which is what the hacker was calling himself) sent out some login credentials on Twitter and via a paste site, as well as a screenshot that proved the credentials could be used to access the enterprise security solutions page.
Researchers Travis Doering and Dan McPeake have been following the hack.
The hacker compromised two BitDefender cloud servers, and the data held on them was not encrypted, according to Forbes. BitDefender confirmed the compromise.
“We recently found a potential security issue with a single server,” BitDefender said. “We immediately launched an investigation and found that a single application was concerned – a component of the public cloud – exposing a very limited number of usernames and passwords. Our investigation also revealed that the server was not penetrated, but a vulnerability potentially enabled exposure of a few user accounts and passwords.
“The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring,” the company said. “As an extra precaution, a password reset notice was sent to all potentially affected customers, representing less than 1 percent of our SMB customers. This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.”