Sophos notified customers of a data breach
UK-based cybersecurity solutions provider Sophos is notifying customers of a data breach incident that occurred earlier this week.
The official message that the company’s customers received by e-mail says:
“On November 24, 2020, Sophos became aware of a permissions issue with a tool used to store information about customers who have contacted Sophos support.”
Due to a company error, information about Sophos customers was leaked, including first and last names, email addresses and phone numbers (if provided).
Representatives of Sophos told ZDNet that only “small groups” of customers were affected, but did not specify even the approximate number of victims of the leak.
It is also reported that the company learned about the misconfiguration of the tool from a security researcher, and the problem has now been fixed.
“At Sophos, customer privacy and security are always our top priorities. We contact all affected customers. In addition, we are taking additional measures to ensure that the access permission settings are always secure,” said Sophos representatives.
The publication notes that this is the second serious incident that Sophos has faced this year. In April 2020, a group of hackers discovered a 0-day vulnerability in the Sophos XG firewall. Criminals used this bug to hack companies around the world and deployed the Asnarok Trojan on infected networks.
The hackers used SQL injection to load a payload onto devices. This payload then hijacked XG Firewall files. The stolen data could include the names and hashed passwords of device administrators, as well as user credentials used to remotely access the device.
Attackers could also steal license and firewall serial number data, and user emails. Experts say that passwords for other authentication systems, such as AD or LDAP, were not affected by the attacks.
Recall that we have already written about similar incidents involving suppliers of information security solutions. For example, researchers recently discovered that attackers can use Microsoft Defender to download viruses and malware, and more recently Chinese hackers used McAfee antivirus to spread malware.