Antivirus Firm Emsisoft Discloses Data Breach

Antivirus solutions provider Emsisoft revealed last week that a third-party had accessed a publicly exposed database containing technical logs.

The issue, Emsisoft said, was a misconfiguration that resulted in a database from a test system becoming exposed to the Internet. The database was initially exposed on January 18, 2021, and remained so until the data breach was identified, on February 3.

The affected system was used for evaluation and benchmarking of the storage and management of log data generated from Emsisoft products and services.

Emsisoft said it immediately took the system offline and launched an investigation into the matter. As a result, it discovered that the only personal information in the database involved 14 email addresses from 7 different organizations.

The affected system, along with several others, was set up for the evaluation of storage options for log and event data, and was seeded with log records from production. One of the databases was made accessible to unauthorized third parties, and at least one “individual accessed some or all of the data contained within that database.”

“The stolen data in question consists of technical logs produced by our endpoint protection software during normal usage, such as update protocols, and generally does not contain any personal information like passwords, password hashes, user account names, billing information, addresses, or anything similar,” Emsisoft said.

The 14 customer email addresses that were stored in the database, the antivirus firm said, were included in the scan logs because malicious emails were detected in the users’ email clients.

According to Emsisoft, the attack was automated and not specifically targeted at the company.

“Also, our traffic logs indicate that only parts of the affected database were accessed and not the entire database. However, due to technical limitations it’s impossible to determine exactly which data rows were accessed,” the antivirus provider revealed.

Emsisoft said the exposed system did not provide access to production systems or databases and that the affected users were notified of the incident. The company also noted that it took additional security measures to ensure similar incidents won’t happen.

Related: Web Developer Hub SitePoint Discloses Data Breach

Related: Airbus CyberSecurity Subsidiary Stormshield Discloses Data Breach

Related: Embedded Software Developer Wind River Discloses Data Breach