CCleaner User Data Stolen In MOVEit Mass Hack

In the summer it was revealed that a vulnerability in the file transfer tool MOVEit posed a serious threat. This is actually supposed to ensure more security, but exactly the opposite was the case. Because the scale of a mass hack is getting bigger and bigger.

Long list of Affectees

Sony, Paramount/Nickelodeon, and a banking service provider that works for Deutsche Bank and ING: These are some of the well-known names and companies that fell victim to a mass hack related to MOVEit. Now another name is added, namely CCleaner.

Users of the popular but controversial tool were recently informed by email that hackers had stolen a large amount of personal data from paying customers. In the message, CCleaner parent Gen Digital, which also owns Avast, Norton LifeLock, and Avira, writes that the attackers exploited a MOVEit vulnerability last May.

The email to affected customers said the hackers stole names, contact information, and information about the products they purchased. A spokeswoman for Gen Digital confirmed to TechCrunch that phone numbers, email addresses, and billing addresses had fallen into the hands of the attackers.

According to Jess Monney, less than two percent of all customers were affected – but Monney did not want to quantify the incident precisely. Although CCleaner is used by several million people around the world, it is not known how many paid users it actually has. Gen Digital did not want to answer why it took several months to inform its customers about this serious security incident.

The MOVEit hack is related to a ransomware called Clop, which is used to blackmail affected companies so that the attackers do not publish the stolen data.

Leave a Reply