Antivirus

Last week, antivirus service vendor Emsisoft announced that a third party had compromised a database containing technological logs that had been publicly exposed.

The problem, Emsisoft said, was a misconfiguration that resulted in the Internet disclosure of a database from a test system. On January 18, 2021, the database was initially leaked, and remained so until the data breach was detected on February 3.

The affected framework was used to assess the storage and management of log data generated from Emsisoft products and services and to benchmark them.

Emsisoft said it took the device offline immediately and opened an inquiry into the matter. As a result, it was revealed that 14 email addresses from 7 separate organisations were the only personal information in the database.

The affected device, along with many others, was set up for the assessment of log and event data storage solutions, and was seeded with output log information. Unauthorized third parties were made available to one of the databases, and at least one “individual accessed some or all of the data contained within that database.”

“The data stolen in question consists of technical logs produced during normal use by our endpoint protection software, such as update protocols, and does not generally contain any personal information such as passwords, password hashes, user account names, billing information, addresses, or anything similar,” said Emsisoft.

SEE ALSO:
Avast and Emsisoft release free BigBobRoss ransomware decrypters

As suspicious emails were found in the email clients of the customers, the 14 customer email addresses contained in the archive, the antivirus company said, were included in the scan logs.

The assault was automatic and not directly directed at the company, according to Emsisoft.

Also, our traffic logs indicate that only parts of the affected database and not the entire database have been accessed. However, it is difficult to decide precisely which data rows were accessed due to technological limitations,” the antivirus provider revealed.

Emsisoft said the exposed device did not have access to development processes or databases and that the impacted users were informed of the incident. The organization has noted that new compliance steps have been taken to ensure that future events will not occur.

Previous articleNCIJTF Released a Joint-Sealed Ransomware Factsheet
Next articleWhatsApp and Video calls on Zoom Face Stricter Privacy Rules in Europe
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.