Antivirus Firm Exposed Internal Log Data Generated by Its Products

Emsisoft, an antivirus company, disclosed a data breach on one of its test systems. The company used the system to evaluate and benchmark possible options for the storage and management of the log data generated by its products and services.

The investigation of the exposed database revealed that the logs stored in it contained no personal information, except for 14 customer email addresses of 7 different organizations.

The company nevertheless believes the right thing to do is to notify all its customers about the incident, how exactly it took place, and what the company plans to do to prevent similar incidents in the future.

The experts pointed out that these 14 customer email addresses were included in scan logs due to detections of malicious emails stored in the users' email clients.

Shortly after becoming aware of the breach, the company took the affected system offline and started an investigation.

“We discovered that the logged info contained no individual information whatsoever, other than for 14 consumer e-mail addresses of 7 various companies”, reads the data breach notification published by the company.

An Insight into the Incident

Unfortunately, due to a configuration mistake, one of the databases was accessible to unauthorized third parties from January 18th, 2021 to February 3rd, 2021.

The data taken consists of technical logs produced by the company's endpoint protection software during normal use, such as upgrade procedures, and generally does not contain any personal information like passwords, password hashes, user account names, billing information, addresses, or anything similar.

Still, 14 customer email addresses were part of the scan logs due to detections of malicious emails stored in the users' email clients.

The incident stems from the misconfiguration of a database, used in a test environment, that was exposed to the Internet.

The misconfigured system was used for evaluating future storage of the company's logs and event data, as well as for benchmarking and assessment.

Emsisoft experts believe that the attack was automated and was not the result of a targeted campaign.

“Our traffic logs show that just parts of the affected database were accessed and not the entire database. Due to technical restrictions, it's difficult to identify precisely which information rows were accessed”, reads the data breach notification.

Emsisoft seeded these systems with a subset of log records taken from production systems to better understand how the systems under evaluation would perform under given conditions.

New Policies in Place to Prevent any Similar Incidents

To perform all future tests and benchmarks in an isolated environment without internet access and with synthetically generated data only.
To increase our investment in real-time attack surface analysis to be able to detect similar configuration issues faster.
The company is also in the process of putting fallback security measures in place in case the primary efforts fail.

The company has already notified the affected users and implemented additional security measures to prevent similar incidents in the future.