Russia in Malwarebytes Sytems?

[NLU]

So, Malwarebytes announces several days ago, to the media, that they were hacked by Russia but, communicates NOTHING to end users?  Great form guys!  Whats is the deal?  Have end-users been put at risk in any way? Is our personal  info or systems info compromised in any way?  Why should I still trust my systems to Malwarebytes?

[exile360]

Greetings,

Malwarebytes published this article in the Malwarebytes Labs blog which they encourage their users and customers (and anyone else interested in learning about cyber-security and/or Malwarebytes) to read it regularly.  The article explains the nature of the attack and details with regards to its impact.

[brcd]

I get the letter each and every month.  Always informative. And it is free!

[exile360]

9 minutes ago, brcd said:

I get the letter each and every month.  Always informative. And it is free!

Yes, there's also the Malwarebytes newsletter which users can sign up for; I don't recall if the last one mentioned the attack or not, but it is likely that it did.  Anyone interested in Malwarebytes can sign up by entering their email into the submission form on the bottom of pretty much every page of the main Malwarebytes website: https://www.malwarebytes.com/

Social media channels such as Facebook and Twitter are also an option for users who want to keep in touch and stay up to date on all things Malwarebytes.

[alvarnell]

If there had been any direct impact to users, I feel certain that those users would have been notified, but since only a limited number of internal emails were accessed, it seems to me that the quick and thorough explanation of what happened to authorities, the industry and in their blog was quite adequate.

[exile360]

Yeah, if that had happened I'm confident they would have shot an email out to all users, at least for the ones they have email addresses for along with posting about it on all public channels.

[brad03]

Malwarebytes has stated that they have reverse engineered the software and it is also safe to use and was not compromised the software is safe and im using it as well as many other experts. 

Edited January 30, 2021 by brad03
Sorry for the misspelling...

[NLU]

Thank for the replies everyone.  I had not heard a word about the M-bytes intrusions until I saw it in the news.  I was not getting the e-mail newsletters either so, I have signed up.   I'm running M-bytes for Home Premium and Privacy VPN on my MBA M1 and I am very pleased that I have a safety net.  Even though the haters say that you don't need it on a Mac; it feels good to have it and the alledged "hit" on the system....well there is no discernible "hit" to the system in my daily use and experience.  MBA M1 runs as smooth as ever and the battery life is still ridiculously long.  Looking forward to the release of the Universal apps when they come.  IMHO ... M-bytes is quite Mac friendly and is legitimately a non-disruptive guest on the system.  Thanks again for all the replies and good info.

[exile360]

Yep, Malwarebytes' Developers try to keep the app as light as possible (on all platforms), and given the widespread use of Macs these days, they're a more enticing target for the bad guys than ever so having an extra layer of defense like Malwarebytes is certainly a good idea.

[brcd]

For. those not aware of the MB labs, here is a link to MB blogs:

https://blog.malwarebytes.com

[AdvancedSetup]

Malwarebytes investigation shows the attack focused on internal email and did not impact our products or production systems. Our software and services remained safe to use. Given this we determined a blog post is the most effective notification method. 

In addition, our blog describes the measures we took to ensure our users remained safe after first learning of a potential breach.  

https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/