Updates Emsisoft Data Breach - Incident report

Minimalist

Level 6
Oct 2, 2020
276
Today, February 3rd 2021, at around 15:20 UTC, we became aware of a data breach on one of our test systems. We used the system to evaluate and benchmark possible solutions relating to the storage and management of the log data generated by our products and services.

 

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,370
Unfortunately, due to a configuration error, one of the databases was accessible to unauthorized third parties from January 18th 2021 to February 3rd 2021. We have reason to believe that at least one individual accessed some or all of the data contained within that database.

The stolen data in question consists of technical logs produced by our endpoint protection software during normal usage, such as update protocols, and generally does not contain any personal information like passwords, password hashes, user account names, billing information, addresses, or anything similar. However, as part of the investigation, we noticed that 14 customer email addresses were part of the scan logs due to detections of malicious emails stored in the users’ email clients.
Pretty bad news, and Emsisoft is making the right decision to disclose the breach and bite down on the "sour lemon" that will hit them for sure. Personally, I wonder what database this was. I wouldn't be super surprised if it's a damn Elasticsearch again. :rolleyes:
 

Cortex

Level 26
Verified
Aug 4, 2016
1,515
Quote:
'The cherry tree myth is the most well-known and longest enduring legend about George Washington. In the original story, when Washington was six years old he received a hatchet as a gift and damaged his father’s cherry tree. When his father discovered what he had done, he became angry and confronted him. Young George bravely said, “I cannot tell a lie…I did cut it with my hatchet.” Washington’s father embraced him and rejoiced that his son’s honesty was worth more than a thousand trees'
 

DDE_Server

Level 22
Verified
Sep 5, 2017
1,096
It seems that such attacks are pretty common nowadays. For example, the below large security firms were successfully attacked in 2020/2021: Microsoft, FireEye, SonicWall. :unsure:
But what is common between these attacks to assume it is the same group behind them?? However, all these attacks were mainly for something like, say, not for profit, such as ransomware or any other data breach of a large financial institute :unsure: :unsure: ?
 

Fabian Wosar

From Emsisoft
Verified
Developer
Jun 29, 2014
260
This wasn't a targeted attack. Based on the results of our internal investigations, we are pretty confident that this was an automated attack and not specifically targeted at Emsisoft. Also, our traffic logs indicate that only parts of the affected database were accessed and not the entire database. However, due to technical limitations, it’s impossible to determine exactly which data rows were accessed. So we continue to assume that the 14 rows that contained private information about users were accessed.
 

Andy Ful

Level 71
Verified
Trusted
Content Creator
Dec 23, 2014
6,029
If I correctly recall, another Microsoft breach in December 2019 was also accidental due to the misconfiguration of an internal customer support database used for Microsoft support case analytics. They also claimed that there was no evidence that cybercriminals accessed the exposed database, but who knows the truth?
  • December 28, 2019 – The databases were indexed by search engine BinaryEdge.
  • December 29, 2019 – Comparitech researcher Bob Diachenko discovered the databases and notified Microsoft.
  • December 30-31, 2019 – Microsoft secured the servers and data. Diachenko and Microsoft continued the investigation and remediation process.
 

MacDefender

Level 14
Verified
Oct 13, 2019
688
This wasn't a targeted attack. Based on the results of our internal investigations, we are pretty confident that this was an automated attack and not specifically targeted at Emsisoft. Also, our traffic logs indicate that only parts of the affected database were accessed and not the entire database. However, due to technical limitations, it’s impossible to determine exactly which data rows were accessed. So we continue to assume that the 14 rows that contained private information about users were accessed.
Thank you for your transparency. Data breaches suck and it seems like, thanks to your industry leading privacy practices, Emsisoft didn’t have a lot of personal info stored in the first place. This is the most humble and responsible way a company can handle this kind of incident.
 

show-Zi

Level 30
Verified
Jan 28, 2018
1,931
When a failure or a problem occurs, what kind of post-processing does a company do and what kind of response does it take?

I think it is quite important not to make mistakes in those responses. Companies that cover up inconvenient things lack credibility.
I am convinced that Emsisoft made the right decision by announcing this matter to the public at an early stage.
 