Antivirus Firm Exposed Internal Log data Generated by their Products

EMSISOFT, Antivirus Firm revealed a data breach on one of their test systems. The company used the system to evaluate and benchmark possible solutions relating to the storage and management of the log data generated by their products and services.

Quickly after becoming aware of the breach, the company took the affected system offline and started an investigation.

The investigation of the exposed database revealed that the logs stored in the archive contained no personal information, except for 14 customer email addresses of 7 different organizations.

The experts pointed out that these 14 customer email addresses were included in scan logs due to detections of malicious emails stored in the users’ email clients.

“We discovered that the logged information contained no personal information whatsoever, except for 14 customer email addresses of 7 different organizations”, reads data breach notification published by the company.

The company, however, believes it is the right thing to inform all their customers about the incident, how exactly it happened, and what the company is planning to do to prevent similar incidents in the future.

An Insight into the Incident

The incident stems from the misconfiguration of a database, used in a test environment, that was exposed to the Internet.

The misconfigured system was used for evaluating future storage of the company’s logs and event data and additionally for benchmarking and evaluating.

Emsisoft seeded these systems with a subset of log records taken from production systems to better understand how the systems evaluating would perform given scenarios.

Unfortunately, due to a configuration error, one of the databases was accessible to unauthorized third parties from January 18th, 2021 to February 3rd, 2021.

The stolen data consists of technical logs produced by their endpoint protection software during normal usages, such as update protocols, and generally does not contain any personal information like passwords, password hashes, user account names, billing information, addresses, or anything similar.

Still, 14 customer email addresses were part of the scan logs due to detections of malicious emails stored in the users’ email clients.

Emsisoft experts believe that the attack was an automated attack and was not the result of a targeted campaign.

“Our traffic logs indicate that only parts of the affected database were accessed and not the entire database. However, due to technical limitations, it’s impossible to determine exactly which data rows were accessed”, reads the data breach notification.

New Policies in Place to Prevent any Similar Incidents

• To perform all future tests and benchmarks in an isolated environment without internet access and with artificially generated data only.
• To increase our investment in real-time attack surface analysis to be able to notice similar configuration issues sooner.
• The company is also in the process of putting fallback security measures in place in case primary efforts fail.

The company already notified the affected users and implemented additional security measures to prevent similar incidents in the future.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.