Bitdefender Hacked, Customer Data Stolen by DetoxRansome
Bitdefender, one of the most popular AV software makers, has been hacked, and there is an ongoing extortion plot putting more than 400 million customers at risk.
A hacker using the name DetoxRansome attempted to blackmail Bitdefender over Twitter on July 24th, asking for $15,000.
“I want 15,000 us dollars or I leak your customer base”
This message was then followed by a tweet containing login credentials for two Bitdefender staff members’ accounts and another one belonging to a customer.
On the next day, DetoxRansome made his second attempt to monetize Bitdefender’s freshly stolen data, as well as the exploit with which he procured it. DR posted a listing on a pastee page detailing the private sale of what he later described in an email as “access to all usernames and passwords persistently to their (Bitdefender) flagship products”. He posted a sample of what he had stolen, which contained the plain-text usernames and matching passwords for over 250 active Bitdefender accounts. Travis Doering and Bitdefender were able to confirm many of them as active accounts. In the body of the pastee post, DR also included the following message: “This is a sample I have more, email for details of the hole (EMAIL REDACTED)”. Those words then launched an online bidding war for the stolen credentials and details of the exploit used by DR.
On 28th July, DR began exploiting the usernames and passwords to breach many of Bitdefender’s clients. “this has the potential of being huge as I’m able to sniff all customer usernames and passes gov mil pharm etc this is big as i was able to hack posworks.com.au by using this,” DetoxRansome writes. In his attempt to impress the potential buyer, DR also sent screenshots of himself accessing the enterprise security solutions pages of many companies. DR claimed that “I can login to there full enterprise security solutions i have their logins to their shit not just customers”.
Reached by Travis Doering late Monday evening, Bitdefender’s Marius Buterchi confirmed the hacking of accounts, and said the company was “Aware of the issue and have reset the passwords for the customers whose credentials have been made public.” He added, “They are actively investigating how these passwords were made public.”
When asked how he was able to procure the usernames and passwords, DetoxRansome responded, “I’m sniffing one of their major servers stealing logins”.
DetoxRansome’s claim of having access to their network could not be confirmed. If it is indeed the case, then Bitdefender’s current remedy of resetting the passwords and credentials in the wild will have little to no effect as long as DetoxRansome is able to maintain his presence inside Bitdefender’s network.
Changing your Bitdefender password may or may not have any effect at this point, depending on whether DetoxRansome’s claims are true. We do recommend that, if you are in the habit of sharing the same password across multiple sites, you change the credentials on any other accounts that may share the same password as your Bitdefender login.