Anti-Virus Firm BitDefender Admits Breach, Hacker Claims Stolen Passwords Are Unencrypted

Status
Not open for further replies.

Terry Ganzi

BitDefender, a much-respected anti-virus firm, has leaked a portion of its customers’ usernames and passwords after facing an extortion attempt by a hacker, going by the name DetoxRansome.

The perpetrator told FORBES all the data he stole was unencrypted. Usernames and passwords seen by your reporter were in plain text and would have been difficult to crack if previously encrypted, given the quality of the passwords. Law enforcement have been called in and an investigation is underway.

The Romanian security company said in an emailed statement it found a potential security issue with a server and determined a single application was targeted – a component of its public cloud offering. The attack did not penetrate the server, but “a vulnerability potentially enabled exposure of a few user accounts and passwords”. The attack leaked a “very limited” number of usernames and passwords, representing “less than one per cent of our SMB customers”, the spokesperson said.

“The issue was immediately resolved and, additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers,” the spokesperson added. “This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.” You can read the rest here: http://www.forbes.com/sites/thomasbrewster/2015/07/31/bitdefender-hacked/
 

Petrovic

BitDefender hacked, unencrypted customer information compromised, hacker demands ransom from the AV firm in return for the exploit and stolen database.
One of the world’s leading anti-virus solutions vendors, BitDefender, has been hacked by a hacker going by the name of DetoxRansome. The hacker claims to have access to the BitDefender customer information including passwords, which the hacker claims were stored in unencrypted format by BitDefender.

bitdefender hacked !!!!!

— tartarus_destroyer (@detoxransome) July 26, 2015



guess what guys bitdefender has been toppled by yours truly

— tartarus_destroyer (@detoxransome) July 24, 2015

DetoxRansome has been demanding ransom from BitDefender according to Forbes. The hacker has even shown Thomas Brewster of Forbes the unencrypted usernames and passwords purportedly belonging to the BitDefender customers.

BitDefender in an emailed statement has stated that it found a potential security issue with a server and determined a single application was targeted – a component of its public cloud offering.

BitDefender added that the hacker could not penetrate the server but had gained access to a few usernames and passwords due to a vulnerability. The company did not state as to how many customer user accounts were compromised but said that the compromised customers were “less than one per cent of our SMB customers.”

“The issue was immediately resolved and, additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers,” the spokesperson added. “This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.”

Researchers Travis Doering & Dan McPeake from the Hacker Film stated on their blog that DetoxRansome had demanded $15000 as ransom from BitDefender on 24th July in return for the stolen database and the exploit which the hacker used. Further, the hacker had threatened to leak the database if the ransom demand was not met.



When BitDefender took their tweet lightly, they tried again to convince BitDefender to pay up the ransom amount on 25th July.

Hacker Film notes that,

“DetoxRansome made his second attempt to monetize Bitdefender’s freshly stolen data, as well as the exploit with which he procured it. DR posted a listing on a pastee page detailing the private sale of what he later described in an email as “access to all usernames and passwords persistently to their (Bitdefender) flagship products”. He posted a sample of some of what he had stolen which contained the plain text username and matching passwords for over 250 active Bitdefender accounts. Travis Doering and Bitdefender were able to confirm many of them as active accounts. In the body of the pastee post DR also listed the following message “This is a sample I have more, email for details of the hole (EMAIL REDACTED)” Those words then launched an online bidding war for the stolen credentials and details of the exploit used by DR.”

The data that the hacker dumped online contained 250 customer usernames and passwords and were confirmed by BitDefender to be active customers of their firm.

On Tuesday, 28th July, in another email, DetoxRansome said they had taken control of two BitDefender cloud servers and “got all logins”, contrary to BitDefender’s statement.

The hacker also said that the data they had access to was unencrypted, “Yes they were unencrypted, I can prove it… they were using Amazon Elastic Web cloud which is notorious for SSL [a form of web encryption] problems.”

The Romania based AV firm has not yet paid the ransom demanded by the hackers and said that the authorities were investigating the matter.

The Hacker Film noted on 29th July that the BitDefender compromised data was being sold on the Dark Web underground forums.

Of late, anti virus makers have been targeted by the cyber criminals. Earlier it was reported by the NSA contractor cum whistleblower, Edward Snowden that NSA had targeted almost all major antivirus companies including BitDefender. Close on the heels of that revelation, Google researcher, Tavis Ormandy discovered worrisome flaws in ESET antivirus on 24th June, 2015.
------------------------------------------------------------------------------------------------------------
Great AV firm
 

Razor555

BitDefender sucks? :p Customer support is awful and their software is trash so i am not surprised...
 

Razor555

So sad that one of the big players was hacked, being hacked by an independent attacker nonetheless. The leaders in the industry are being hacked, I don't know where to place my faith anymore :(

Things are no longer made for high quality protection in mind if you haven't noticed.
Most of them now are more focused on how to spy on a system...
 

Kate_L

BitDefender is not that respected, the media tells us that but it's not true. Also, they failed ... again.

Respected AV are: ESET, Kaspersky, Symantec, Mcafee, AVAST, Microsoft.
 

JakeXPMan

BitDefender is not that respected, the media tells us that but it's not true. Also, they failed ... again.

Respected AV are: ESET, Kaspersky, Symantec, Mcafee, AVAST, Microsoft.

I've always seen most AV's with similar pros and cons, including their own headquarters.

I'm curious to how you trust these more than Bitdefender? Avast IMO, sorta bends the trust factors, but then "redeems" it when its uncovered by their users. (Open Candy, Adware spying) Not a big deal, but not great either.

Would one trust Symantec or McAfee fully?

Where does Panda, Qihoo, AVG, Avira, and Comodo fit into trust, respect etc. It interests me a lot, which companies are more respected by their user base.

I'd like to know more but only have a limit on what I have experienced or read about. Anyone have info or stats PM me and I'd be happy to read further into this subject :)
 

Kate_L

Their technology level:
ability to recognize, emulate, unpack, and remove something more serious than joking viruses from MSDOS or 7 years old lolkits

Their infrastructure:
ability to quickly process large amounts of data worldwide

Their R&D:
ability to track current malware trends and develop quick response for it, and not write about something months old like for example chronical slowpokes from F-Secure with their comedy section Sirefef/TDSS discoveries
 

omidomi

BitDefender is not that respected, the media tells us that but it's not true. Also, they failed ... again.

Respected AV are: ESET, Kaspersky, Symantec, Mcafee, AVAST, Microsoft.
Symantec And Mcafee show they are not trustfull!
Microsoft also!
but eset and Kaspersky Yes:)
 

omidomi

Things are no longer made for high quality protection in mind if you haven't noticed.
Most of them now are more focused on how to spy on a system...
do you have any source,files or etc..., for show that they spy on their users??
 

omidomi

BitDefender sucks? :p Customer support is awful and their software is trash so i am not surprised...
Customer support is awful (yes i use this software for 6 month very bad support)
but i don't agree with this word " trash" :)
 

Razor555

Customer support is awful (yes i use this software for 6 month very bad support)
but i don't agree with this word " trash" :)

You would do much better if you used something like bullguard for example. That's how bad BD is... ))
BTW at least bullguard has awesome customer support, its live chat too!!
 

omidomi

You would do much better if you used something like bullguard for example. That's how bad BD is... ))
BTW at least bullguard has awesome customer support, its live chat too!!
bitdefender have live chat also :D
but its 4 months i used Emsisoft yea its great they reply very fast :)
great customer support: Eset,Emsisoft,Trust Port,Kaspersky
good : G data, Dr.Web, Panda.
Worst: bitdefender,symantec,Avg
another av I never test:D
 

tonibalas

My opinion all companies have issues.

A few days ago i read 2 threads one about Kaspersky and the other one was for Eset.

About Kaspersky if i remember correctly there was a rumor that their servers were hacked:cool: but Kaspersky denied it.

And Eset i think i saw a video that Eset was uninstalled by a malware while self defence was active:cool:.
What i want to say is that all companies face some problems but this doesn't mean that they provide us with bad software. Just my opinion;)
 

Enju

My opinion all companies have issues.

A few days ago i read 2 threads one about Kaspersky and the other one was for Eset.

About Kaspersky if i remember correctly there was a rumor that their servers were hacked:cool: but Kaspersky denied it.

And Eset i think i saw a video that Eset was uninstalled by a malware while self defence was active:cool:.
What i want to say is that all companies face some problems but this doesn't mean that they provide us with bad software. Just my opinion;)
Kaspersky was hacked and they even made a blog post about it https://blog.kaspersky.com/kaspersky-statement-duqu-attack/ .
At least Bitdefender admitted it like Kaspersky, but they have yet to announce it to their customers.
 