CCleaner says hackers stole users' personal data during MOVEit mass-hack
The maker of the popular optimization app CCleaner has confirmed hackers stole a trove of personal information about its paid customers following a data breach in May.
In an email sent to customers, Gen Digital, the multinational software company that owns CCleaner, Avast, NortonLifeLock and Avira brands, said that the hackers exploited a vulnerability in the widely used MOVEit file transfer tool, which is used by thousands of organizations, including CCleaner, to move large sets of sensitive data over the internet.
The email to customers said that the hackers took names, contact information and information about the products that were purchased.
Jess Monney, a spokesperson for Gen Digital, confirmed that customer phone numbers, email addresses and billing addresses were affected by the breach. Monney said that less than 2% of users were affected, but declined to provide a specific number of affected users.
CCleaner is used by millions of people around the world. Gen Digital does not break down how many paid CCLeaner users it has, but claims to have about 65 million paid customers across its cybersecurity portfolio, which includes CCleaner.
It's not clear why it took CCleaner several months to disclose the incident to affected customers.
The mass-hacking of MOVEit file transfer tools began in May, and quickly became the biggest hack of the year (so far) by the number of victims alone. The never-before-seen vulnerability allowed the notorious Clop ransomware to steal sensitive data from thousands of organizations that stored data on these internet-connected systems. Researchers tracking the mass-hacks say more than 2,500 organizations have confirmed MOVEit-related data breaches since May, amounting to at least 66 million individuals — though, the true number of affected people is likely far higher.
Clop has not yet listed CCleaner on its dark web leak site, which ransomware gangs use to extort companies by publishing stolen files if the hackers' ransom is not paid.
An earlier listing for NortonLifeLock — another Gen Digital brand — was listed on August 14. A spokesperson for Gen Digital said at the time that the incident was limited to the personal information of its employees and contractors, and that "no customer or partner data has been exposed."
In 2017, CCleaner was compromised by hackers who planted malware in the software to spy on more than two million users. The tool maker said that the hackers specifically targeted high-profile tech companies and telecom giants.