Cerberus app users warned about data breach
Posted on 27 March 2014.
Users of the Cerberus anti-theft Android app have been receiving warnings from the Cerberus Security Team, urging them to change their password as they have been reset in the wake of a data breach.

The email goes on to explain that suspicious activity on Cerberus servers has been recently discovered and blocked, but that the user's account has not been compromised.

"However, the attacker(s) were able to gain access to usernames and encrypted passwords for a subset of our users. No other personal data (emails, device information, etc.) has been accessed," the team shared. "While the accessed passwords are encrypted, as an extra precaution we have immediately secured these accounts invalidating the current passwords."

The Cerberus team also issued a statement containing more details about the breach:

"The database was not accessed, password are hashed and uniquely salted multiple times there, and we will migrate to bcrypt soon," they said. "The attacker was able to access a legacy log file that contained usernames and SHA-1 hashes of passwords, that was generated by the app logins between March 1 and March 21."

The team has deleted the log file, stopped the legacy logging procedure, invalidated the passwords for the accounts present into the log and notified the users involved.

Only 3 accounts have been accessed (and notified of this), but they have reset the password of a total of 96564 accounts just in case. "As of March 26, none of the data obtained by the attacker was released publicly, that we know of," they concluded.

The three-people-team behind the app also confirmed that they are working closely with law enforcement on this matter, and that they will be sharing more news as it becomes available and safe to publish.









Spotlight

eBook: Cybersecurity for Dummies

Posted on 16 December 2014.  |  APTs have changed the world of enterprise security and how networks and organizations are attacked. These threats, and the cybercriminals behind them, are experts at remaining hidden from traditional security while exhibiting an intelligence, resiliency, and patience that has never been seen before.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Wed, Dec 17th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //