Sunday, 2 August 2015

Hackers Put Credentials BitDefender Clients Online



Hackers have penetrated systems of the antivirus company BitDefender and there have been captured under other login details of customers. According to the burglars appeared usernames and passwords are stored in simple text.

He calls himself DetoxRansome and had managed to seize confidential identification data of users present on the firm's server. It is unfortunate that hackers can touch a security company but that's not all ... expect the best!

The stolen data is put online by hackers. Across Forbes confirmed BitDefender to a number of client user names and passwords were stolen. The Romanian antivirus company said that the servers are not cracked, but the hackers used a vulnerability in an application within its cloud service, which data could be intercepted. Ultimately, less than one percent of customers are exposed to hackers, says BitDefender. The problem should now be resolved and affected customers received the message with the request to change their password.

On the underground Web, DetoxRansome hacker is selling data for Bitcoins 8 and clarifies that the vulnerability stems Amazon Elastic Web service that often has problems with SSL. To err is human, and it is via a sniffing technique that he could compromise private data, as explained Hack Film . In short, no zero day vulnerability is involved.


Contrary to what the BitDefender notify the hackers that they are in control of two servers that the company uses to provide its cloud services. They used to intercept logins, so they told Forbes. On his BitDefender servers would use Amazon Elastic Web. Users of this service are responsible for implementing security on communications between server and client.


Approximately 250 customers data is put online. The hackers decided to proceed to publication as BitDefender's ransom did not pay for the information. The company was then embarrassments since the conscious data stored in simple text, and so were not encrypted. Therefore could potentially be easily abuse of the stolen data. Whether that actually happened is not known. BitDefender also did not let go or it's going to work with encryption in the future.

1 comment:

  1. Please, will you really post some more things about the same issue; I am actually a great fan of your blog... click here

    ReplyDelete