Qualys caught up in Accellion FTA breach
Friday, March 5, 2021
The scope of the Accellion FTA breach has now widened to include cloud-based security services supplier Qualys, which has had some of its customer data published to a dark web leak site operated by the Cl0p ransomware gang, as reported by our sister title LeMagIT.
ImmuniWeb’s Ilia Kolochenko commented: “Qualys’ response to the incident is a laudable example of transparent and professional handling of a security incident. Under the integrity of currently disclosed circumstances, I see absolutely no reason for panic.
“The very nature of the incident suggests that the number of affected customers and other third parties is likely very limited. Moreover, sensitive data, such as vulnerability reports or customer passwords, are almost certainly unaffected.
“So, I would definitely refrain from labelling the attack as a breach, but rather a security incident. A third-party investigation will likely shed light on the situation and hopefully will bring even more assurance to Qualys customers.”
Qualys joins a growing number of users of Accellion’s FTA product to have found data stolen via four different vulnerabilities – two found in December 2020 and two in January 2021 – released on Cl0p’s victim-shaming site.