The British cybersecurity and hardware company Sophos sent an email to some of its customers to warn them that their personal information was exposed after a security breach was discovered on Tuesday.
Exposed customer data was accessible to unauthorized parties due to an incorrect "tool" configuration used by the company to store information from users who contacted the company's support team.
Only a small subset of customers is affected
"On November 24, 2020, Sophos was notified of an access issue to a tool used to store information from customers who have contacted Sophos Support," she said. company.
"As a result, some data from a small subset of Sophos customers were exposed. We fixed the problem quickly. "
Sophos did not provide information on who discovered and revealed the unsafe storage tool or for the exact number of customers whose personal information was exposed because of this security breach.
Exposed data include their names customers, The e-mail and their phone numbers - if given to Sophos Support. The company also said that customer information is no longer exposed after λήψη some remedial measures.
“In Sophos, the privacy and customer safety is always the priority us ", the company added. "We contacted all those affected customers. In addition, we are implementing additional measures to ensure that access settings are always secure. ”
This is not the first security incident to occur this year
Earlier this year, Sophos fixed a zero-day SQL injection vulnerability in Firewall XG after reports that hackers were actively exploiting it in attacks.
A new Trojan malware, named Asnarök by Sophos researchers, exploits zero-day vulnerabilities to try and steal firewall usernames and hashed passwords by XG Firewall users from April 22, 2020.
The same zero-day vulnerability was exploited by some other hackers who tried to deliver Ragnarok ransomware payloads to Windows companies.
Greek
Chinese (Simplified)
English
Greek
Russian