Hackers Compromise Cyberhaven Chrome Extension, Endangering Passwords and Sensitive Data

Cyberhaven, a leading data loss prevention firm, has disclosed that hackers pushed a malicious update to its Chrome extension. According to an email sent to affected customers, the update could steal customer passwords and session tokens.

The startup itself confirmed the supply-chain attack to a media outlet but did not provide further specifics.

It also said that an email had been sent to all clients explaining that hackers compromised the firm's company account to publish the malicious update during the early morning hours of Christmas.

The email added that those running compromised browsers must be aware and take action immediately. Sensitive data, such as authenticated sessions and cookies, could be at risk of being transferred directly to the attacker's domain.

The company's spokesperson did not outline more details, which is alarming for obvious reasons. They did not dispute the authenticity of the claims and shared an email on the matter.

The email said the compromise was detected during the afternoon hours of Christmas and that the malicious version was soon removed from the Chrome Web Store. A new version of the extension was rolled out soon after.

The fact that the company itself sells products that protect against data exfiltration and other forms of cyberattack says a lot. Its offerings include browser extensions that enable the firm to monitor activity, especially on web pages. The extension has more than 400k corporate clients.

When media outlets asked for more details on the incident, the company declined to comment on who was affected or how many people were vulnerable to these attacks. Its customer list features big names, including Reddit, Snowflake, and Motorola. Other names are giants from the worlds of law and health insurance.

According to one email sent to affected clients, anyone affected by this incident should consider changing passwords and the credentials protecting other kinds of sensitive data. They should also review logs for any malicious activity on their platforms. This includes keeping a close check on session tokens and any cookies stolen from a browser.

For now, the email does not say whether users should change the credentials for other accounts they store in Chrome. It said only that the compromised company account was the sole admin account for the Chrome Web Store. It gave no details on how the account was compromised or what security policies were in place at the time.

Experts believe the company was not the sole target and that the attackers were directly targeting extension developers, going after those whose credentials they possessed.
