Antivirus solution provider Emsisoft reported data leak
Antivirus solution provider Emsisoft reported that its specialists became aware of a data leak from one of the test systems.
According to Emsisoft representatives, an unknown third party gained access to a database containing technical logs.
The problem was that the test system was misconfigured and reachable from the Internet, which also exposed the database mentioned above. This system was used to manage the log data generated by Emsisoft products and services.
“We used the system to evaluate and benchmark possible solutions relating to the storage and management of the log data generated by our products and services. Immediately after becoming aware of the breach, we took the affected system offline and started an investigation,” Emsisoft specialists report.
Due to an employee error, the database became available to everyone on January 18, 2021, and the leak was discovered and eliminated only on February 3, 2021.
There was reportedly little confidential information in the database: 14 email addresses belonging to seven different organizations. However, the database contained many production logs, and an investigation showed that at least one attacker “gained access to some or all of the data contained in this database.”
“Stolen data consists of technical logs generated by our security software during normal operations, such as update protocols. Typically [such logs] do not contain any personal information, including passwords, password hashes, user account names, billing information, addresses, and so on,” the company said.
The aforementioned 14 email addresses ended up in the database through the scanners’ logs, because malicious emails had been found in users’ email clients.
Emsisoft also added that the attack was automated and not specifically aimed at Emsisoft.
In addition, the company’s traffic logs indicated that only portions of the vulnerable database were accessed, and not the entire database. However, due to technical limitations, it is not possible to determine exactly which data rows were accessed.
Let me remind you that Malwarebytes was hit by the hackers behind the SolarWinds attack. It later turned out that the list of affected security solution providers had expanded: it included Mimecast, Palo Alto Networks, Qualys and Fidelis Cybersecurity.