CCleaner, a widely-used optimization app, has suffered a significant data breach. The app’s parent company, Gen Digital, recently confirmed that hackers accessed a vast amount of personal data from its premium users.
The breach occurred in May, with hackers exploiting a flaw in the MOVEit file transfer tool. This tool, popular among many organizations, facilitates the transfer of large data sets online. The compromised data includes names, contact details, and information about purchased products.
Jess Monney, representing Gen Digital, revealed that the breach impacted customer phone numbers, emails, and billing addresses. While she stated that less than 2% of users were affected, the exact number remains undisclosed. Considering CCleaner’s global user base, the impact could be significant. Gen Digital oversees a cybersecurity portfolio with around 65 million paid users, including those of CCleaner.
The delay in notifying the affected users about the breach remains a mystery. This incident is part of a larger hacking spree targeting MOVEit file transfer tools since May. This massive hack, led by the Clop ransomware group, has affected over 2,500 organizations, compromising data of at least 66 million individuals. The actual number might be even higher.
As of now, Clop hasn’t mentioned CCleaner on its dark web platform, where it typically threatens to release stolen data unless a ransom is paid.
Interestingly, another Gen Digital brand, NortonLifeLock, was listed on this platform in August. However, Gen Digital clarified that only employee and contractor data was compromised, ensuring customer data remained safe.
This isn’t the first time CCleaner has faced security issues. In 2017, hackers embedded malware in the software, targeting over two million users, with a focus on major tech and telecom companies.