Bitdefender feeling a bit tender: Hackers enter anti-distemper vendor

Someone gulped unencrypted login info from security biz

One or more miscreants have been able to slurp and leak usernames and passwords from Bitdefender. The unencrypted login details belonged to some of the security biz's small business customers.

Bitdefender, which makes antivirus software and other stuff, admitted its system was breached following rumors (here and here) that someone was holding the Romanian firm to ransom.

The crims wanted $15,000, or they would reveal the swiped customer records. Now some of that data has leaked online.

In response to queries from The Register on this score, Bitdefender said its systems were not infiltrated, but information was obtained. (It's possible the logins were intercepted by an attacker who managed to access the controls of Bitdefender's Amazon cloud account.)

Bitdefender told us:

We recently found a potential security issue with a single server. We immediately launched an investigation and found that a single application was concerned – a component of the public cloud – exposing a very limited number of usernames and passwords. Our investigation also revealed that the server was not penetrated, but a vulnerability potentially enabled exposure of a few user accounts and passwords.

The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers, representing less than 1 per cent of our SMB customers. This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.

Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness.

Breaches at security firms are always awkward and embarrassing, even if they're relatively minor. If you set yourself up to secure the systems of clients, then a perceived or real failure to keep your own house in order never looks good. ®

 
