Malwarebytes user's data hacked?


Hi, just for your information:

I recently (in the last 30 days) bought/renewed my MW software subscription for 1 more year and used my credit card here to pay for it. In the process I contacted you by email because I had some issues with subscription and

I just received in the last 24h some fraud attempts to use my credit card as payments for people who I don't know, not initiated by me. So I looked at the last purchases I made (few) with my credit card, MW being one of them. Getting more info about it, I just saw some news about MW being hacked, as in:

https://www.zdnet.com/article/malwarebytes-said-it-was-hacked-by-the-same-group-who-breached-solarwinds/


So, could it be that attackers got my data, including my credit card data, from your site? Can you confirm in some way, or by private message, if customers' data could have been compromised?

Thanks for all your work.

Edited by AdvancedSetup
removed live hyperlink

Greetings,

No customer data was compromised during the recent attack.  Please refer to this Malwarebytes Labs article for details on what occurred.

With regards to the scam email you received, unfortunately we've been seeing a lot of these lately, and many of the users who have reported them to us weren't even Malwarebytes customers, so it appears to just be another mass email spam campaign, similar in nature to the porn scam emails and tech support scams we've seen for the past few years.  Using Malwarebytes' name is just another scam tactic unfortunately.  In the past they've attempted to pose as representatives of Microsoft, Norton/Symantec, Dell, and many others, all in attempts to trick users into paying them and/or giving them personal info and/or financial information.

As long as you don't respond to the scam email, you should be fine; just add the sender to your email's junk/spam list and that should help to prevent future scam attempts.

Please also refer to this support article for details on how to verify whether a renewal email is legitimate and how to spot scams (unfortunately we've seen a sufficient number of these that it was deemed prudent to create that knowledgebase article).

I hope that helps to set your mind at ease, and if there is anything else we can help with please let us know.

Thanks


Thanks for your answer!

Sorry for the misunderstanding, but I received no scam email, just a valid email from you (from Cleverbridge: cleverbridge / Malwarebytes <no-reply@cleverbridge.com>, as the saved payment method was changed/outdated because of new terms) about Strong Customer Authentication, which led me to the domain https://store.malwarebytes.com because my subscription could not be autorenewed using the credit card stored. So I talked with you by email because I had some trouble assigning a new credit card (it was the same, in fact) to my profile before it was sorted out.

So, after all, I'm not so sure that my payment data or other data was not compromised in that attack, because I received in the last hours payment attempt bank messages (not emails, but REAL payment attempts or usages) with that credit card used in my profile. Thanks anyway for your answer and help!


OK, I'm not sure what the charge attempts were, but it's possible that it was simply an attempt to auto-renew your subscription, assuming the charge attempt originated from Cleverbridge.  You should contact your bank/credit card issuer and find out exactly where the charge originated, and you can contact Cleverbridge to verify that they were the ones attempting to charge your account for auto-renewal.

As mentioned, no customer information was compromised in the attack, so that should not be an issue, however if you are seeing unauthorized/unknown charge attempts to your card you should definitely contact your card issuer to get a new one to guard against any future fraudulent charge attempts.  If you do so, you should then be able to update your payment info in your account at My.Malwarebytes.com as described in this support article and you can find further info on how payment information is handled by Malwarebytes and how renewals occur by reading this support article, or if you have trouble doing so once again, you can contact Malwarebytes and they will send you a secure link to update your payment information (since they do not have direct access to your payment information for security reasons).


By the way, if you review the information from the Malwarebytes Labs article I linked to in my first reply, the hack attempt only gained access to a limited subset of internal Malwarebytes emails, and since there is no access to customer information (especially payment information) using Malwarebytes' internal staff email (this is why Malwarebytes Support has to send a link for changing payment info instead of being able to take your new card info directly, because they have no access to it), customer payment information was not compromised.  Malwarebytes has always been extremely cautious about how they handle customer data to prevent any sort of infiltration or attacks from being able to compromise any sensitive customer info, especially payment information.

If you are still concerned, I'd recommend contacting Malwarebytes Support again directly via the form on this page and they will assist you, however as mentioned, they do not have access to any customer payment information.


No, the attempts weren't from you or Cleverbridge, but from other fraudulent people. What I meant is that I thought my credit card data was stolen from your site/Cleverbridge, or in the transaction, by other people in that attack, and that fraudulent people tried to use it to make charges or payment attempts in other sites/ways.

Thanks for all the info. Reading the article as you mentioned, it seems personal and payment data was not compromised, so I would check with my bank/card issuer.


The attack was completely unrelated to Cleverbridge, who have their own servers and systems and security measures for protecting any sensitive information.

Yes, definitely check with your card issuer, because if someone does have your card info, depending on the security measures in place to protect against fraudulent charges, they might be able to eventually succeed in charging your card.

If there is anything else we might assist you with please let us know.

Thanks


  • Root Admin

Malwarebytes investigation shows the SolarWinds attack focused on internal email and did not impact our products or production systems. Our software and services remained safe to use. Given this, we determined a blog post is the most effective notification method. 

In addition, our blog describes the measures we took to ensure our users remained safe after first learning of a potential breach.  

https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/

 
