Bitdefender suffers data breach, customer records stolen

A hacker is demanding $15,000 in payment or they plan to release customer details online.
Written by Charlie Osborne, Contributing Writer

Bitdefender has become the latest cybersecurity firm to be targeted by hackers.

A cyberattacker has been able to extract customer login credentials for Bitdefender clients. An individual dubbed DetoxRansome extolled the data breach on Twitter over the weekend, taking responsibility for the attack and posting a message saying: "Guess what guys Bitdefender has been toppled by yours truly."

DetoxRansome has also demanded $15,000 from Bitdefender, threatening the leak of a customer database online unless the ransom demand is accepted.


The hacker latest released login credentials for two Bitdefender employees and one customer as proof of the corporate data theft.

In a blog post, security researchers Travis Doering and Dan McPeake say the hacker was willing to sell Bitdefender data including "access to all usernames and passwords persistently to their (Bitdefender) flagship products." The cyberattacker then posted a sample of some of the stolen data, including plain text username and matching passwords for over 250 accounts, which the company confirmed as accounts in active use.

Bitdefender admitted a security breach has taken place, but insisted that "less than one percent" of its small to medium-sized businesses were affected -- and no consumer or enterprise clients will suffer due to the data breach.

The attack occurred through a "security issue with a single server," according to Bitdefender.

A single application exposed a "very limited number" of customer login credentials through public cloud services. The vulnerability did not allow for database penetration; rather, "a vulnerability potentially enabled exposure of a few user accounts and passwords," Bitdefender says.

Bitdefender has not given in to the hacker's demands and is currently working with law enforcement to investigate the issue. A Bitdefender spokesperson told The Register:

"The issue was immediately resolved and additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers.
Our investigation revealed no other server or services were impacted. Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness."

In June, cybersecurity firm Kaspersky Lab became the victim of a cyberattack deemed "almost invisible" and extremely difficult to detect. The company believes the attack was carried out by the same group that was behind the 2011 Duqu attack and was likely state-sponsored.

Beach reads for tech junkies

Read on: Top picks

In pictures:

Editorial standards