Jump to content

CCleaner affected in MOVEit data breach.


nukecad

Recommended Posts

 It been interesting at the CCleaner forum for the last couple of days.

They have admitted being affected in the zero-day MOVEit data breach.

They sent emails about it to affected customers, offering free security software, but didn't bother to give us mods at CCleaner forum a heads-up.
So the first we knew was when a user asked on the forum about the email, and not having been given any information about it we assumed it was phishing.

I myself have even made a small part in the news over it, albeit for initially getting it wrong and saying it was phishing, and cybernews inflated my status to Admin (probably because that reads better than a mod).
https://cybernews.com/news/ccleaner-confirms-data-breach/

 

TBH I expect that we are going to see quite a few similar MOVEit breach stories from other companies in the coming days and weeks.

Edited by nukecad
  • Like 1
  • Sad 2
Link to post
Share on other sites

  • nukecad changed the title to CCleaner affected in MOVEit data breach.

The plot thickens.

Apparently Gen Digital, who now own CCleaner, reported back in June that they had been affected by the MOVEit Transfer vulnerability:
https://securityaffairs.com/147739/cyber-crime/gen-digital-moveit-ransomware-attack.html

Did CCleaner somehow think (hope) that they had not been impacted too? Or have they just been very slow to react?

Here's the official page from Progress on the vulnerability and patches:
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023

  • Like 1
Link to post
Share on other sites

16 hours ago, AdvancedSetup said:

So it seems they knew about it at CCleaner but didn't report till much later

 

I couldn't comment on when they first knew that some of their cusomers data may have/had been harvested, it's not something that they have revealed to customers.

I'd assume that the Gen Digital reporting would have included all of the companies in the group.
(Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner).
After all MOVEit is used to (securely?) transfer data around organisations and companies.

So it then becomes a case of when (if) the individual companies inform their users.

Do you tell all of your customers straight away?
Or do you wait for confirmation that some of your particular customers data has been harvested?

I suspect that many/most companies would take the second option.
Ostensibly so as not to worry their customers unnecessarily, but also of course avoiding any adverse publicity.

PS. It still isn't clear at the moment just how many CCleaner customers may have been affected and so are/will be receiving these emails.
Those who do get an email are being offered Avast BreachGuard for 6 months for free, so they can monitor the dark web for their email turning up there.
(And perhaps not cancel the subscription and keep/pay for it after the 6 months free? Am I being too cynical? I suspect not).

Edited by nukecad
Link to post
Share on other sites

It appears that Avast (also part of Gen Digital) sent out similar emails at the same time.

I've not checked the others (yet) but assume that this has been a Gen Digital group wide release.

The customers on the Avast forum are also pretty unhappy - both about the data breach itself  and how these emails have been handled with no real information other than the email itself just turning up out of the blue.

Link to post
Share on other sites

8 hours ago, nukecad said:

<snip>
Those who do get an email are being offered Avast BreachGuard for 6 months for free, so they can monitor the dark web for their email turning up there.
<snip>

Avast is affected by the Breach and they are offered Avast BreachGuard ?  That's not a proper response.  It must be a third party

  • Like 2
Link to post
Share on other sites

We are still not being told any details;

from what I can work out myself it appears to be some customer licence account details, name, email address, and possibly licence key, that were intercepted during/following a transfer of files using MOVEit.
No financial or other such details appear to have been harvested. (They use Cleverbridge so don't have such financial data stored with the license accounts).
I could be wrong, but from what I can see that's what it's looking like to me at the moment.

If what I speculate has happened is correct then it's only going to be a very small number of customers that may have been affected.
That seems to be being bourne out on the fora where we are only seeing a very few reporting they have actually had the email, - only 3 at CCleaner forum, at least up to now.
I would expect to see many more than 3 reports, questions, and complaints on the forum if they had sent a lot of emails out.
EDIT- Just checking on the Avast forum and it appears to be a similar number, 3 or 4, who report actually getting the email.

Avast BreachGuard is not an antimalware of any kind, it just monitors the web to see if your email, or other data, turns up in any online listings.
TBH it seems a superfluous software to me; you can do much the same yourself by checking on haveibeenpwnd regularly - and assuming that if it's on havibeenpwnd then it is going to end up on such a list sooner or later.

Edited by nukecad
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.