Trust issues: data leaks of antivirus companies


The Breach Report team checked the domain names of 81 antivirus companies against its database of 14.5 billion breached records.

Only 6 of the 81 companies' domain names (7.4%) appear never to have leaked. More than 73,000 corporate email addresses belonging to 75 of the companies have been compromised. The breached data includes more than 157,000 passwords, 47,000 of them in plain text, almost 1,000 credit card records and a great deal of other personal data.

Based on Breach Report research of 81 antivirus companies’ domain names, July 2020

Does this mean that cybersecurity companies do a bad job? The situation is not that simple. The cat-and-mouse game between hackers and security companies never stops, and attacks on antivirus company domains are fairly regular. Here are some recent ones.

On June 25, 2020, a file belonging to the information security company IObit was published on a hacker forum. The 14,833 IObit user records it contains were leaked on May 20, 2020. The database contains user names, emails, dates of birth, IP addresses, profile creation and last-activity information, social media and messenger identifiers and tokens, and other personal data.


The attacker stated that he used a vBulletin SQL injection against forums.iobit.com. The vulnerability had not been patched when the hack occurred.

IObit is no stranger to serious breaches like this. In the November 2017 attack no passwords were leaked, but in 2015 the criminals got hold of 76,500 user accounts, compromising email addresses and plain-text passwords.

Another antivirus company hacked recently is Comodo. Its forums were breached in 2019 and 2020, and the databases were sold on the dark web. The hacker used the same vulnerability as the IObit attacker: vBulletin CVE-2019-16759.

Here are some earlier high-profile attacks of this kind:

  • On November 7, 2019, a new database surfaced on the web containing more than 5,000 unique records belonging to the ZoneAlarm forum. The brand protects 100 million users against viruses, spyware, hackers and identity theft. The compromised data included emails, salted hashed passwords, IP addresses, user IDs and birth dates.

  • On April 24, 2019, the cybercriminal collective Fxmsp claimed to have access to three leading antivirus companies. The criminals extracted sensitive source code for antivirus software, artificial intelligence and security plugins belonging to the three companies. Fxmsp asked more than $300,000 for access to the corporate networks and the stolen data. The hackers did not disclose the names of the attacked companies.

  • In 2017 the identity theft protection company LifeLock failed to secure its users' data. The hackers exploited a simple vulnerability that allowed any user to enumerate millions of customer emails and unsubscribe customers from all of the company's communications.

  • In 2015 the information security researcher Chris Vickery discovered open access to more than 25 million compromised accounts, including 13 million user records of the MacKeeper antivirus software. The passwords were stored as MD5 hashes, a fast hash that is easily cracked.


Screenshot proof from Chris Vickery

  • In May 2014 one of the best-known software companies, Avast, suffered a data breach. The attack compromised 422,986 forum.avast.com accounts containing usernames, full names, email addresses and hashed (one-way transformed) passwords.
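The breaches above span the whole range of password storage: plain text (IObit 2015), unsalted MD5 (MacKeeper) and salted hashes (ZoneAlarm). To make concrete why unsalted MD5 counts as "easily cracked", here is an added Python example, not code from the original article or from any company it mentions. It builds a lookup table from a tiny constructed wordlist, shows that unsalted MD5 digests in a constructed user table resolve instantly and also reveal which users share a password, and then stores the same passwords with a per-user salt and PBKDF2-HMAC-SHA256, where the precomputed table no longer applies. The email addresses, wordlist and iteration count are assumptions for the illustration.

```python
"""Why unsalted MD5 password storage is 'easily cracked', and what salted,
deliberately slow storage looks like instead.

Added illustration. The user table, email addresses and wordlist below are
constructed for this example and are not data from any breach on the page.
"""
import hashlib
import hmac
import os
from collections import Counter

# A tiny stand-in for the "most common passwords" lists that precomputed
# tables are built from (constructed; real lists run to millions of entries).
WORDLIST = ["123456", "password", "qwerty", "letmein", "iloveyou"]


def md5_hex(password: str) -> str:
    """Unsalted MD5 of the password, the scheme described for the MacKeeper dump."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


# Constructed leaked user table. Only the digest column would be present in a
# real dump; the plaintexts are shown here solely to build the sample.
LEAKED_RECORDS = [
    {"user": "alice@example.com", "md5": md5_hex("123456")},
    {"user": "bob@example.com", "md5": md5_hex("password")},
    {"user": "carol@example.com", "md5": md5_hex("123456")},
    {"user": "dave@example.com", "md5": md5_hex("correct horse battery staple")},
]


def build_lookup_table(wordlist):
    """digest -> plaintext, computed once before ever seeing a dump.

    With no salt, the same table resolves every site that stored unsalted MD5;
    that is what 'easily cracked' means in practice."""
    return {md5_hex(w): w for w in wordlist}


def recover_unsalted(records, table):
    """Resolve each record whose digest appears in the precomputed table."""
    return {r["user"]: table[r["md5"]] for r in records if r["md5"] in table}


def shared_digest_groups(records):
    """Unsalted hashes also reveal which users share a password: equal
    passwords give equal digests, with no per-user salt to separate them."""
    counts = Counter(r["md5"] for r in records)
    return {digest: n for digest, n in counts.items() if n > 1}


# Salted, slow alternative: PBKDF2-HMAC-SHA256. 600,000 iterations is the
# OWASP Password Storage Cheat Sheet recommendation at the time of writing.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt=None):
    """Return (salt, derived_key). A fresh 16-byte salt per user means two
    users with the same password get different stored values."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, dk


def verify_password(password: str, salt: bytes, stored_dk: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_dk)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("recovered from unsalted MD5:", recover_unsalted(LEAKED_RECORDS, table))
    print("users sharing a password:", shared_digest_groups(LEAKED_RECORDS))

    # The same weak passwords stored properly: no two stored values match, and
    # the precomputed table cannot be applied because each salt is unknown
    # until after the dump is obtained, and each guess costs 600,000 rounds.
    salted = [hash_password(pw) for pw in ("123456", "password", "123456")]
    print("all salted digests distinct:", len({dk for _, dk in salted}) == len(salted))
    salt, dk = salted[0]
    print("verify correct password:", verify_password("123456", salt, dk))
    print("verify wrong password:  ", verify_password("password", salt, dk))
```

The same check is useful for auditing one's own password store: if two accounts share a stored digest, or a sample of digests resolves against a common-password table, the storage scheme is unsalted and needs migration to a salted, iterated hash.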

How can users protect their data if even cybersecurity companies become sources of data leaks? Breach Report's database shows the scale of contemporary cybercrime: more than 14.5 billion breached accounts! But a leak of this kind does not always mean that the company's own domain was breached. Sometimes the breached site is a third-party website where an employee registered with a corporate email address. That still creates security risks for the company.

It is impossible to verify that every employee complies with the company's security policy, and the security of third-party websites is beyond the company's control. This is why experts recommend that companies use additional tools besides antivirus software, for example alert systems such as the BreachReport.com dark web monitoring and notification service. With this effective and affordable solution, any individual user or organization can check whether their data have been compromised and take the necessary precautions after a breach. This simple tool can help avoid millions of dollars of damage from malicious cyber-attacks.