In an email sent to customers, the technology giant that owns the Gen Digital, CCleaner, Avast, NortonLifeLock and Avira brands confirmed that hackers successfully exploited a security vulnerability in the MOVEit file transfer tool, thanks to which they were able to access a large amount of sensitive files. Data. TechCrunch.
The message said the hackers may have stolen names, contact details and information about products purchased – as Gen Digital spokesperson Jess Mooney confirmed.
Customer phone numbers, email addresses and billing addresses were also affected in the “breach”.
Mooney did not explain why CCleaner took months to communicate the incident to affected customers, but said less than 2% of paying customers were affected.
Mass hacks of MOVEit file transfer tools began in May. The unprecedented vulnerability allowed the notorious Clop Ransomware group to steal sensitive data from thousands of organizations that stored data on these Internet-connected systems.
More than 2,500 organizations have confirmed a data breach related to MOVEit since May, affecting at least 66 million people — though the real number is likely much higher, according to researchers who track mass hacking attacks.
Interestingly, the extortion group has not yet listed the extracted data on its dark web site, although their usual practice is to demand a “ransom” from the companies involved in the obtained data.
