We are at a time and age where hacking is rather common for websites, corporations, governments, agencies and many more but it is more embarrassing when a security company like BitDefender gets hacked.
BitDefender has been among the leading antivirus firms and this data breach is more embarrassing not because they failed to secure sensitive user data but the failure of BitDefender to encrypt user data such as usernames and passwords. One would expect a security based company like BitDefender to encrypt their data in the event of a breach but no they didn’t in fact the login details were in a pure unencrypted format.
The hacker who goes by the alias DetoxRansome was able to breakinto a BitDefender server which hosted the cloud-based management dashboard for small and medium sized business clients which had the usernames and passwords that belonged to them.
The hacker has demanded a $15,000 ransom otherwise he will publically release the credentials of its customers after he exposed a list over 250 BitDefender Accounts as proof. However BitDefender which admits that the system was breached and said the hacker didn’t penetrate the server but a security hole which could have been an SQL injection.
BitDefender is currently working with law enforcement agencies to investigate the issue and they claim that the issue was immediately resolved no other servers or services were impacted.
Much as this breach only affects less than 1% of its customers, it is still disappointing to read a headline about an anti-virus company getting hacked.