One of the world’s largest commercial anti-virus vendors, BitDefender, has suffered a data breach at the hands of a hacker known as DetoxRansome. The hacker claims to have access to all BitDefender customers’ information, including usernames and passwords, which the hacker said were being stored in an unencrypted format at the time.
Following the hack, DetoxRansome immediately posted tweets boasting of his success:
bitdefender hacked !!!!!
— tartarus_destroyer (@detoxransome) July 26, 2015
guess what guys bitdefender has been toppled by yours truly
— tartarus_destroyer (@detoxransome) July 24, 2015
The hacker then went on to threaten the antivirus company with a ransom demand, according to sources at Forbes. To prove the claim, the hacker even offered Forbes a peek into the unencrypted database, which contained a large list of customers’ usernames and passwords in plain text.
BitDefender immediately notified all customers of the breach via email, stating that it had found a potential security flaw within its internal servers, where a single application that was part of its public cloud was the target of the attack.
The company added that the hacker was not able to penetrate its internal servers, but did gain access to a couple of usernames and passwords due to a vulnerability within the system. The company did not disclose how many customers may have been affected in the BitDefender breach, but said the compromised accounts consisted of “less than one per cent of our SMB customers.”
“The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers,” a BitDefender spokesperson said. “This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.”
According to two security researchers, Travis Doering and Dan McPeake of Hacker Film, the hacker demanded that the antivirus firm fork over $15,000 as a ransom by the 24th of July, or the hacker would abuse and exploit the database. The hacker even threatened to leak the database publicly if the company did not meet the demand.
The researchers continued on, stating:
“DetoxRansome made his second attempt to monetize Bitdefender’s freshly stolen data, as well as the exploit with which he procured it. DR posted a listing on a pastee page detailing the private sale of what he later described in an email as ‘access to all usernames and passwords persistently to their (Bitdefender) flagship products’. He posted a sample of some of what he had stolen, which contained the plain text usernames and matching passwords for over 250 active Bitdefender accounts. Travis Doering and Bitdefender were able to confirm many of them as active accounts. In the body of the pastee post DR also listed the following message: ‘This is a sample I have more, email for details of the hole (EMAIL REDACTED)’. Those words then launched an online bidding war for the stolen credentials and details of the exploit used by DR.”
The hacker leaked a small number of accounts, around 250, which BitDefender confirmed belonged to active customers of the anti-virus product.
On Tuesday, July 28th, the hacker claimed to have compromised two of BitDefender’s cloud servers to obtain all customer login information.
“Yes they were unencrypted, I can prove it… they were using Amazon Elastic Web cloud which is notorious for SSL [a form of web encryption] problems,” the hacker said, explaining how the data was left unencrypted.
Hacker Film confirmed on July 29th that BitDefender customer data was being sold on underground dark web forums.
The BitDefender data breach comes just as ex-NSA contractor Edward Snowden revealed that the NSA actively exploits anti-virus firms such as BitDefender in order to evade detection during its hacking operations.