[BreachExchange] Emsisoft Suffers System Breach

Destry Winant destry at riskbasedsecurity.com
Wed Feb 10 10:55:16 EST 2021


https://www.infosecurity-magazine.com/news/emsisoft-suffers-system-breach/

The founder of New Zealand cybersecurity company Emsisoft has issued
an apology over a configuration error that led to a system data
breach.

News that one of the company's test systems had been compromised was
shared on February 3 by Emsisoft founder and managing director
Christian Mairoll.

In a security incident that Mairoll wrote "should not have happened,"
a database containing log records generated by Emsisoft products and
services was made accessible to unauthorized third parties.

Mairoll revealed that the database was accessible between January 18,
2021, and February 3 and that at least one individual had accessed
some of its records in an automated attack.

"The attack profile indicates that this was an automated attack and
not specifically targeted at Emsisoft. Also, our traffic logs indicate
that only parts of the affected database were accessed and not the
entire database," wrote Mairoll in a February 4 incident update.

"However, due to technical limitations it’s impossible to determine
exactly which data rows were accessed."

In response to the attack, the company took the impacted system
offline and started a complete forensic analysis of the incident. The
investigation revealed that 14 customer email addresses associated
with seven different organizations were among the data impacted by the
breach.

"The stolen data in question consists of technical logs produced by
our endpoint protection software during normal usage, such as update
protocols, and generally does not contain any personal information
like passwords, password hashes, user account names, billing
information, addresses, or anything similar," wrote Mairoll.

"However, as part of the investigation, we noticed that 14 customer
email addresses were part of the scan logs due to detections of
malicious emails stored in the users’ email clients."

Customers whose email addresses were in the stolen logs have been
contacted by Emsisoft. Since the incident, the company has voiced a
commitment to perform all future tests and benchmarks in an isolated
environment without internet access and with artificially generated
data only.

"We understand the importance of our role as guardians of your
information and online safety and will continue to work every day to
re-earn your trust," said Mairoll.

