Security firm Bitdefender hacked; leaked passwords are unencrypted

Popular security firm and antivirus vendor Bitdefender has been hacked and customers data were leaked online. Worst thing about the hack is that stored passwords were unencrypted. This hack has now become embarasing for the company. It is not because it failed to secure customer data, but it save passwords in plain text which was not expected.

Company claimed that their server was not hacked but hacker gained access by exploiting some kind of vulnerability which could be SQL injection. Company didn’t confirm how many customers record were affected but confirmed that less than one per cent of leaked data is of SMB customers.

Hacked leaked about 250 records and threaten to leak more in coming days. hacker also demanded $15,000 from company for not leaking more data. Company has not yet paid the money to hacker.

DetoxRansome, hacker behind the attack claimed that they got access to two Bitdefender cloud servers. He confirmed that passwords were saved in plain text.

Company has already started the investigation to know how much data was affected and how the hack was performed. But this is really a bad news that a big security firm is storing customer’s password in plain text.

Source: Hackerfilm

Related Posts

73 Microsoft GitHub Repos Compromised in Miasma Malware Attack

Your Smart TV Could Be Helping Train AI Models Without You Realizing It

Instagram Fixes Password Reset Bug That Exposed Users' Email Addresses and Phone Numbers

Microsoft Fixes Critical Edge Vulnerability That Could Allow Remote Code Execution

Critical Everest Forms Pro Vulnerability Under Active Attack