Last week, antivirus vendor Emsisoft announced that a third party had accessed a publicly exposed database containing technical logs.
The cause, Emsisoft said, was a misconfiguration that exposed a database from a test system to the Internet. The database was first exposed on January 18, 2021, and remained exposed until the data breach was detected on February 3.
The affected system was used to evaluate and benchmark the storage and management of log data generated by Emsisoft products and services.
Emsisoft said it took the system offline immediately and opened an investigation into the matter. The investigation found that 14 email addresses from 7 separate organisations were the only personal information in the database.
The affected system, along with many others, was set up to evaluate log and event data storage solutions, and was seeded with output log data. One of the databases was accessible to unauthorized third parties, and at least one “individual accessed some or all of the data contained within that database.”
“The data stolen in question consists of technical logs produced during normal use by our endpoint protection software, such as update protocols, and does not generally contain any personal information such as passwords, password hashes, user account names, billing information, addresses, or anything similar,” said Emsisoft.
The 14 customer email addresses contained in the database, the antivirus company said, were included in scan logs because suspicious emails had been found in the customers' email clients.
The attack was automated and not specifically targeted at the company, according to Emsisoft.
“Also, our traffic logs indicate that only parts of the affected database and not the entire database have been accessed. However, it is difficult to decide precisely which data rows were accessed due to technological limitations,” the antivirus provider revealed.
Emsisoft said the exposed system did not have access to development processes or databases and that the impacted users were informed of the incident. The company said it has taken new compliance steps to prevent similar incidents in the future.