Specialists at security firm Sophos have notified some of their clients of a data exposure incident resulting from security flaw detected on Tuesday. User data was leaked due to the wrong configuration of a tool used by the company for storing user information queries.
In a statement, the company noted some details about the attack: “On November 24th we were notified of an unauthorized access issue in a tool used to store information about customers who have contacted the support area. As a result of the attack, some data from a small number of customers was leaked.”
Sophos did not provide details about who discovered the flaw in this tool or the exact number of affected users. The compromised information includes details such as the full name of users, their email addresses and phone numbers if they have been shared with Sophos.
The security firm also mentioned that the incident has already been fully mitigated: “Customer privacy and security are always our priority. We are contacting all affected customers.” “In addition, we are implementing additional measures to ensure that access permission settings are secure on an ongoing basis,” Sophos added.
The company has been through more problems than normal. In early 2020, Sophos fixed a SQL injection zero-day failure in its XG Firewall solution after receiving reports on some active exploitation cases. Hackers used the Asnar-k malware to exploit the flaw and steal the names and passwords of firewall users.
Subsequent reports indicate that this same firewall solution was also exploited to try to deliver Ragnarok ransomware payloads in the Windows system implementations used by the company. Although this attack campaign was fruitless, it remained active for a considerable time.