Popular security firm and antivirus vendor Bitdefender has been hacked and customers data were leaked online. Worst thing about the hack is that stored passwords were unencrypted. This hack has now become embarasing for the company. It is not because it failed to secure customer data, but it save passwords in plain text which was not expected.
Company claimed that their server was not hacked but hacker gained access by exploiting some kind of vulnerability which could be SQL injection. Company didn’t confirm how many customers record were affected but confirmed that less than one per cent of leaked data is of SMB customers.
Hacked leaked about 250 records and threaten to leak more in coming days. hacker also demanded $15,000 from company for not leaking more data. Company has not yet paid the money to hacker.
DetoxRansome, hacker behind the attack claimed that they got access to two Bitdefender cloud servers. He confirmed that passwords were saved in plain text.
Company has already started the investigation to know how much data was affected and how the hack was performed. But this is really a bad news that a big security firm is storing customer’s password in plain text.
Source: Hackerfilm