Emsisoft Data Breach - Incident report

Minimalist (Thread author)
Quote:
'Today, February 3rd 2021, at around 15:20 UTC, we became aware of a data breach on one of our test systems. We used the system to evaluate and benchmark possible solutions relating to the storage and management of the log data generated by our products and services.'

upnorth (Moderator, Staff Member)
Quote:
'Unfortunately, due to a configuration error, one of the databases was accessible to unauthorized third parties from January 18th 2021 to February 3rd 2021. We have reason to believe that at least one individual accessed some or all of the data contained within that database.

The stolen data in question consists of technical logs produced by our endpoint protection software during normal usage, such as update protocols, and generally does not contain any personal information like passwords, password hashes, user account names, billing information, addresses, or anything similar. However, as part of the investigation, we noticed that 14 customer email addresses were part of the scan logs due to detections of malicious emails stored in the users’ email clients.'
Pretty bad news, and Emsisoft is making the right decision to disclose the breach and bite down on the "sour lemon" that will hit them for sure. Personally, I wonder what database this was. I wouldn't be super surprised if it's a damn Elasticsearch again. :rolleyes:

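The quoted statement explains how the 14 addresses got into a log store that was never meant to hold personal data: a detection inside a mail client's on-disk mailbox leaves the mailbox folder name, which is the account's e-mail address, embedded in the file path. The practical check is to scrub log records for addresses before they leave the product and land in an analytics or test system, and to do it in a way that keeps per-user correlation without keeping the address. The following Python is an added example for this thread, not code from Emsisoft or from any poster: the log line format, the sample lines and the `<email:…>` token format are constructed for illustration, and the pseudonymisation uses a keyed HMAC so that scrubbed logs cannot be reversed by hashing a dictionary of candidate addresses.

```python
import hashlib
import hmac
import re
from typing import Dict, List, Tuple

# Constructed sample detection-log lines for this example (not real Emsisoft
# data). Lines 3-5 show the shape the incident describes: a detection inside a
# mail client's store, where the mailbox folder is named after the account.
SAMPLE_LOG = """\
2021-01-20T10:01:12Z scan file=C:\\Users\\alice\\Downloads\\setup.exe verdict=clean
2021-01-20T10:01:13Z update component=signatures version=2021.1.20.1 status=ok
2021-01-20T10:01:15Z detect file=C:\\Users\\alice\\AppData\\Local\\Mail\\alice.smith@example.com\\Inbox\\invoice.eml threat=Trojan.Downloader
2021-01-20T10:01:16Z detect file=C:\\Users\\bob\\Mail\\Bob.Jones@example.org\\Spam\\payment.eml threat=Phishing
2021-01-20T10:02:00Z detect file=C:\\Users\\alice\\AppData\\Local\\Mail\\alice.smith@example.com\\Inbox\\second.eml threat=Phishing
"""

# Deliberately broad: in a scrubber a false positive costs one pseudonymised
# token, a false negative costs a leaked address. Path separators (\ and /)
# are not in the character classes, so a match stops at the folder boundary.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}"
)


def find_emails(text: str) -> List[str]:
    """Return every e-mail address found in text, in order of appearance."""
    return EMAIL_RE.findall(text)


def pseudonymise(address: str, key: bytes) -> str:
    """Map an address to a keyed, truncated HMAC-SHA256 token.

    Keyed rather than a plain hash: whoever obtains the scrubbed logs cannot
    recover addresses by hashing a list of candidates without the key. The
    address is lower-cased first so one user always yields one token, which
    keeps per-user correlation working in the analytics store. The key must
    live outside that store.
    """
    digest = hmac.new(key, address.lower().encode(), hashlib.sha256).hexdigest()
    return f"<email:{digest[:16]}>"  # token format is an assumption of this example


def redact_line(line: str, key: bytes) -> str:
    """Return the line with every e-mail address replaced by its token."""
    return EMAIL_RE.sub(lambda m: pseudonymise(m.group(0), key), line)


def scrub_log(text: str, key: bytes) -> Tuple[str, Dict[str, int]]:
    """Scrub a whole log and report what was found without echoing the PII.

    The report carries counts only, so it can safely be written to the same
    place as the scrubbed data.
    """
    scrubbed: List[str] = []
    seen = set()
    lines_with_pii = 0
    for line in text.splitlines():
        found = find_emails(line)
        if found:
            lines_with_pii += 1
            seen.update(a.lower() for a in found)
        scrubbed.append(redact_line(line, key))
    report = {
        "lines": len(scrubbed),
        "lines_with_pii": lines_with_pii,
        "distinct_addresses": len(seen),
    }
    return "\n".join(scrubbed) + "\n", report


if __name__ == "__main__":
    # Example key only; in practice load it from a secret store, never from
    # the log pipeline's own configuration in cleartext.
    out, stats = scrub_log(SAMPLE_LOG, key=b"example-key-do-not-use")
    print(out)
    print(stats)
```

Run against the constructed sample, the scrubber reports 5 lines, 3 of them carrying an address, and 2 distinct addresses, and the output no longer contains an "@". The count-only report is the piece worth keeping: it is what lets you answer "how many customers are affected" during an investigation without the answer itself becoming another copy of the personal data.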
Cortex
Quote:
'The cherry tree myth is the most well-known and longest enduring legend about George Washington. In the original story, when Washington was six years old he received a hatchet as a gift and damaged his father’s cherry tree. When his father discovered what he had done, he became angry and confronted him. Young George bravely said, “I cannot tell a lie…I did cut it with my hatchet.” Washington’s father embraced him and rejoiced that his son’s honesty was worth more than a thousand trees'

DDE_Server
It seems that such attacks are pretty common nowadays. For example, the following large security firms were successfully attacked in 2020/2021: Microsoft, FireEye, SonicWall. :unsure:
But what do these attacks have in common that would let us assume the same group is behind them? It seems all of these attacks were mainly for something other than profit, unlike, say, ransomware or a data breach at a large financial institution? :unsure: :unsure:

Fabian Wosar (From Emsisoft, Developer)
This wasn't a targeted attack. Based on the results of our internal investigations, we are pretty confident that this was an automated attack and not specifically targeted at Emsisoft. Also, our traffic logs indicate that only parts of the affected database were accessed and not the entire database. However, due to technical limitations, it’s impossible to determine exactly which data rows were accessed. So we continue to assume that the 14 rows that contained private information about users were accessed.

Andy Ful (From Hard_Configurator Tools, Developer)
If I correctly recall, another Microsoft breach in December 2019 was also accidental due to the misconfiguration of an internal customer support database used for Microsoft support case analytics. They also claimed that there was no evidence that cybercriminals accessed the exposed database, but who knows the truth?
  • December 28, 2019 – The databases were indexed by search engine BinaryEdge.
  • December 29, 2019 – Comparitech researcher Bob Diachenko discovered the databases and notified Microsoft.
  • December 30-31, 2019 – Microsoft secured the servers and data. Diachenko and Microsoft continued the investigation and remediation process.

MacDefender
Quote:
'This wasn't a targeted attack. Based on the results of our internal investigations, we are pretty confident that this was an automated attack and not specifically targeted at Emsisoft. Also, our traffic logs indicate that only parts of the affected database were accessed and not the entire database. However, due to technical limitations, it’s impossible to determine exactly which data rows were accessed. So we continue to assume that the 14 rows that contained private information about users were accessed.'
Thank you for your transparency. Data breaches suck and it seems like, thanks to your industry leading privacy practices, Emsisoft didn’t have a lot of personal info stored in the first place. This is the most humble and responsible way a company can handle this kind of incident.

Marko :)
TBH, even if they had had some serious data breach, I'd still trust them. I used their product for 1 year (when I had a license for it) and they gained my trust in that period. Also, being a privacy-oriented and transparent company is a huge plus from my side.

show-Zi
When a failure or a problem occurs, what kind of post-processing does a company do, and what kind of response does it take?

I think it is quite important not to make mistakes in those responses. Companies that cover up inconvenient things lack credibility.
I am convinced that Emsisoft made the right decision by announcing this matter to the public at an early stage.
