Popular remote access software company AnyDesk Software published a statement on Friday, 02 February revealing it “found evidence of compromised production systems” during a security audit following “indications of an incident”.
Although few details were shared, the Germany-based company did confirm that the breach was “not related to ransomware” and that it found “no evidence that any end-user devices [had] been affected”.
AnyDesk but mein
In response to the hack, the company says it “immediately activated a remediation and response plan” and contacted the relevant authorities.
“We have revoked all security-related certificates and systems have been remediated or replaced where necessary. We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one,” reads the statement.
If you don’t speak infosec, they’ve changed the locks and patched up or rebuilt the walls where necessary to ensure everything is secure. They’re also updating security measures to better protect against future threats.
While the company appears confident that its software is still safe to use, saying “Our systems are designed not to store private keys, security tokens or passwords that could be exploited to connect to end user devices,” it advised users to change their passwords if they are used elsewhere “as a precaution”.
Read More: Learn cybersecurity basics with these free courses
That’s probably a good idea, seeing as the cybersecurity firm Resecurity recently reported that someone was selling the credentials of over 18,000 AnyDesk customers on a well-known cybercriminal forum for a relatively low $15,000 in cryptocurrency.
Although the sale of these compromised credentials does not appear to be a direct result of the recent breach, Resecurity believes that cybercriminals are rushing to cash in on the resulting confusion among unsuspecting AnyDesk users before the passwords are changed.