Hackers put BitDefender customer credentials online

Hackers have penetrated systems of the antivirus company BitDefender and have, among other things, stolen customer login details. According to the burglars, the usernames and passwords turned out to be stored in simple text.

The stolen data was put online by the hackers. BitDefender confirmed to Forbes that a number of customers’ usernames and passwords had been stolen. The Romanian antivirus company said that the servers were not hacked, but that the hackers exploited a vulnerability in an application within its cloud service, which allowed data to be intercepted. Ultimately, less than one percent of customers would have been exposed to the hackers, BitDefender said. The problem has since been resolved and affected customers have been notified with a request to change their password.

Contrary to BitDefender’s claims, the hackers claim that they have taken control of two servers that the company uses to provide its cloud services. They used it to intercept login data, they told Forbes. BitDefender is said to use Amazon Elastic Web on its servers. Users of this service are responsible for implementing security with regard to communication between server and client.

The data of approximately 250 customers has been put online. The hackers decided to publish because BitDefender refused to pay the “ransom” for the data. The company was subsequently embarrassed because the data in question was stored in simple text and thus not encrypted. As a result, the stolen data could potentially easily be misused. It is unknown, however, whether that actually happened. BitDefender also did not let go of whether it will work with encryption in the future.