BitDefender, a Romanian software company that supplies Internet security products to hundreds of millions of clients both in the workplace and at home, admits hackers have made off with the usernames and passwords of an undisclosed number of customers.
An individual using the alias “detoxransome” claimed earlier this week that they had breached a system used by the security firm and threatened on Twitter to leak a customer database unless compensated by the company to the tune of $15,000.
Login credentials compromised in the purported attack have since been published online, and representatives with the Romanian software maker now confirm the breach and say an investigation is underway.
Attackers didn’t hack BitDefender’s internal network, but had gone after a third-party application linked to its server, the company told Forbes on Friday. Nonetheless, a spokesperson for the firm acknowledged that “a vulnerability potentially enabled exposure of a few user accounts and passwords.”
BitDefender believes that the data stolen is “very limited” in scope and represents “less than one per cent of our SMB customers,” or small- and medium-sized business clients.
“The issue was immediately resolved, and additional security measures were put in place in order to prevent it from reoccurring,” the spokesperson said. “This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.”