February 9, 2024 at 04:09PM
AnyDesk disclosed details about a recent hacker attack, revealing the breach was discovered in mid-January with initial intrusion occurring in late December 2023. The company confirmed no evidence of malicious software being distributed to customers and is revoking certificates and pushing out software updates. It also enforced a password reset as a precaution. AnyDesk assured that there was no ransomware attack or extortion attempt, and clarified recent reports of user credentials being sold on the dark web are unrelated to the incident.
Key takeaways from the meeting notes are as follows:
– AnyDesk experienced a hacker attack that was discovered in mid-January, with the initial breach occurring in late December 2023.
– The investigation confirmed that production systems were compromised, but no evidence suggests that customer credentials were acquired or that malicious versions of the AnyDesk software were distributed as a result of the incident.
– Code-signing certificates and security-related certificates are being revoked, and software updates with new certificates are being pushed out as a precautionary measure.
– AnyDesk is enforcing a password reset for all customers as a proactive measure, although it is unlikely that the attackers obtained user credentials.
– Two relay servers in Europe were compromised, potentially allowing attackers to trick customers into using malicious software, but the company has ruled out the possibility of user session hijacking.
– AnyDesk confirmed that the incident was not a ransomware attack and no extortion attempt was made.
– Reports of user credentials being sold on the dark web are unrelated to the incident, as the credentials were stolen directly from customer systems by information-stealing malware. The forced password reset is intended to address this risk for affected customers.