Antivirus firm Emsisoft has disclosed a data leak on one of its test systems. The company used the system to test and benchmark potential solutions for storing and managing the log data produced by its products and services.

The company took the affected system offline immediately after becoming aware of the breach and began an investigation.

Analysis of the exposed database found that the logs in the archive contained no personal information, except for 14 customer email addresses belonging to 7 separate organisations.

The experts found that these 14 customer email addresses had ended up in scan logs because the products scan suspicious emails in users' email clients.

"We found that the logged information did not contain any personal information whatsoever, with the exception of 14 client email addresses of 7 separate organisations," reads the company's published data breach notification.

The company nevertheless believes that informing all its customers about the incident, how exactly it occurred, and what it plans to do to prevent such events in the future is the right thing to do.

An Insight Into the Incident

The incident resulted from the misconfiguration of a database that was used in a research environment and was exposed to the public.

The misconfigured system was used to evaluate solutions for storing the company's log and event data, and for benchmarking and assessment.

To understand how the systems under test would behave in realistic scenarios, Emsisoft seeded them with a subset of log records taken from production systems.

Unfortunately, due to a configuration error, one of the databases was accessible to unauthorized third parties from January 18th, 2021 to February 3rd, 2021.

The exposed data consists of technical logs generated during routine operation of the company's endpoint security products, such as update protocols. Such logs do not usually contain any personal information, such as passwords, password hashes, user account names, billing information, emails, or anything similar.

However, because the products scan suspicious emails in users' email clients, 14 customer email addresses were included in the scan logs.

Emsisoft's experts say the access was an automated attack and not the result of a targeted operation.

"Our traffic logs show that only portions of the affected database and not the whole database have been downloaded. Due to technical limitations, however, it is impossible to determine exactly which data rows were accessed," continues the data breach notice.

New procedures put in place to avoid similar incidents

  • Perform all future tests and benchmarks in an isolated environment without internet connectivity, using artificially generated data only.
  • Strengthen the company's real-time attack surface monitoring so that similar configuration problems can be spotted faster.
  • Put fallback protection mechanisms in place in case primary measures fail; this work is already underway.
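As an added illustration of the first measure (example code, not Emsisoft's own), a small Python sanitizer that pseudonymizes email addresses in scan-log lines before any record reaches a test environment, plus a gate that refuses to seed a test system if a real address survives. The log line format and the sample records are constructed assumptions.

```python
import re
import hashlib

# Constructed sample scan-log lines in an assumed key=value format; not real Emsisoft data.
SAMPLE_LOGS = [
    "2021-01-18T10:02:11Z engine=update status=ok version=2021.1.0.10592",
    "2021-01-18T10:05:43Z scan=mail verdict=suspicious sender=alice@example.org subject=Invoice",
    "2021-01-18T10:07:02Z scan=file path=C:\\Users\\bob\\Downloads\\setup.exe verdict=clean",
    "2021-01-19T08:11:30Z scan=mail verdict=phishing sender=payroll@corp.example.com",
]

# Conservative address matcher: broad enough to catch addresses embedded in free-form log text.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def pseudonymize(address: str) -> str:
    """Replace an address with a stable, non-reversible token so benchmarks
    still see distinct senders without learning who they are.
    The '@invalid' suffix has no dotted domain, so EMAIL_RE never re-matches it."""
    digest = hashlib.sha256(address.lower().encode()).hexdigest()[:12]
    return f"redacted-{digest}@invalid"


def sanitize_line(line: str) -> str:
    """Return the log line with every email address pseudonymized; other fields untouched."""
    return EMAIL_RE.sub(lambda m: pseudonymize(m.group(0)), line)


def sanitize_logs(lines):
    return [sanitize_line(line) for line in lines]


def seed_allowed(lines) -> bool:
    """Gate to run before seeding a test system: True only if no address remains."""
    return not any(EMAIL_RE.search(line) for line in lines)


if __name__ == "__main__":
    print("raw logs seedable:", seed_allowed(SAMPLE_LOGS))
    clean = sanitize_logs(SAMPLE_LOGS)
    print("sanitized logs seedable:", seed_allowed(clean))
    for line in clean:
        print(line)
```

Running the gate on the raw sample refuses it, while the sanitized copy passes with update and file-scan lines unchanged.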

The company has also contacted the affected customers and introduced new security procedures to avoid such incidents in the future.
