Bitdefender Held Ransom By Hacker, SMB Customer Accounts Affected

Bitdefender is the latest antivirus vendor to be targeted by hackers, with the popular Romania-based company confirming Friday that a hacker had gained access to a server and compromised customer information.

After launching an investigation, a company spokesperson said Bitdefender discovered a hacker had exploited a vulnerability on a single server and had exposed "a very limited number of usernames and passwords." The spokesperson emphasized that hacker had not penetrated the server itself, but only exploited a vulnerability in a single public cloud application.

The issue affected roughly 1 percent of Bitdefender's SMB customers, the company spokesperson said. Enterprise and consumer customers were not affected.

[Related: The 10 Biggest Data Breaches Of 2015 (So Far)]

According to a blog on Hacker Film, the hacker known as DetoxRansome had been attempting to blackmail the vendor on Twitter, releasing some login credentials for Bitdefender employees and asking for $15,000 in ransom to not reveal customer information. Bitdefender did not comment on the random requests.

Bitdefender said that the issue was "immediately resolved" and the company had put "additional security measures" in place. It has contacted the customers potentially affected, asking them to reset their passwords.

"Bitdefender takes security of its customers very seriously and any issue that might involve the security of our customers or the security of our servers is treated with the utmost urgency and seriousness," a Bitdefender spokesperson said in an email.

Partners of Bitdefender, who did not want to be identified, said the company had not reached out to them directly about the hack, but they had received notifications yesterday for some end users to reset their passwords for security purposes.

Despite the hack, partners said they were not concerned about the viability of the Bitdefender solution.

"I've had a good track record with Bitdefender. They're usually the ones that find a lot of the hackers and the antivirus engine is really one of the best that’s out there," one partner said.

This event is just the latest of an increasing number of hackers targeting the security vendors themselves, experts said.

Jane Wright, senior analyst at Hampton, N.H.-based Technology Business Research, said that security vendors being targeted by hackers has become a recurring theme, and has proven to leave a financial black mark on the companies for quite some time. The trend started with the hack of RSA in 2011 and was seen most recently this June with Kaspersky Lab announcing it had been the target of a sophisticated malware platform that had infiltrated several of its internal systems.

"It has been a problem for security vendors. They have to protect their own selves because they are targeted. It could be very difficult for a vendor to recover from these incidents ... This is a risk that all security vendors face," Wright said. "Questions will be raised and customers will question them. It really hurts their business ... Customers are looking harder when deciding on security solutions. They’re not only asking, 'How well will this solution protect my company?', but now they are also asking, 'How much have hackers already learned to evade this solution?'"

Wright said "it's a shame" and "unlucky" when any security vendor is the victim of an attack. She said hackers go after the actual vendors themselves to outsmart the expert, go after ransom money, or simply for the thrill.

As a result, security vendors must "drink their own Kool-Aid" as they represent a tempting target for hackers and are organizations their customers depend on, Douglas Grosfield, president and CEO of Xylotek Solutions, an Ontario-based solution provider, said in an email.

"Oftentimes, it seems like the subject matter experts adopt a 'Do as I say, not as I do' approach," Grosfield said. "That doesn’t cut it in security, no matter whether that is data security, physical security, etc. ... Hacking to hold data or sensitive information for ransom is on the rise, call it data-napping if you will, so technology vendors need to provide superior protection to those who choose to operate with cloud technologies as part of their infrastructure. To do otherwise is to do one's customers a disservice."

That being said, Grosfield praised Bitdefender for getting out ahead of the breach and communicating openly with customers and partners. He said he hoped that this breach would allow the company, and other security vendors, to recognize and fix vulnerabilities in their own systems.

"These situations do offer one silver lining. These things result in exposure of vulnerabilities, and providing a much increased sense of urgency in addressing them, so ultimately there can be positive change. The approach, however, should focus on education and communication rather than malicious motivations," Grosfield said.

PUBLISHED JULY 31, 2015