Hacker steals Bitdefender customer info, blackmails company

A hacker has managed to access a database containing usernames and passwords of customers of Romanian AV maker Bitdefender, and has tried to blackmail the company into paying $15,000 so that the information doesn’t get released to the public.

The breach happened two weeks ago, and DetoxRansome (as the hacker calls himself) did ultimately release some of the login credentials on Twitter and via a paste site, as well as screenshot that proved that the credentials can be used to access the enterprise security solutions page of many companies – all in an attempt to prove the veracity of his claims and entice potential buyers.

Travis Doering and Dan McPeake have been following the situation as it unfolded, and the hacker’s attempts to monetize the stolen data.

The hacker told Forbes that he compromised two BitDefender cloud servers, and that the data held on them is not encrypted.

Bitdefender confirmed the compromise.

“We recently found a potential security issue with a single server. We immediately launched an investigation and found that a single application was concerned – a component of the public cloud – exposing a very limited number of usernames and passwords. Our investigation also revealed that the server was not penetrated, but a vulnerability potentially enabled exposure of a few user accounts and passwords,” they stated.

“The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers, representing less than 1% of our SMB customers. This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.”

Don't miss