Cerberus app users warned about data breach
Posted on 27 March 2014.
Users of the Cerberus anti-theft Android app have been receiving warnings from the Cerberus Security Team, urging them to change their password as they have been reset in the wake of a data breach.

The email goes on to explain that suspicious activity on Cerberus servers has been recently discovered and blocked, but that the user's account has not been compromised.

"However, the attacker(s) were able to gain access to usernames and encrypted passwords for a subset of our users. No other personal data (emails, device information, etc.) has been accessed," the team shared. "While the accessed passwords are encrypted, as an extra precaution we have immediately secured these accounts invalidating the current passwords."

The Cerberus team also issued a statement containing more details about the breach:

"The database was not accessed, password are hashed and uniquely salted multiple times there, and we will migrate to bcrypt soon," they said. "The attacker was able to access a legacy log file that contained usernames and SHA-1 hashes of passwords, that was generated by the app logins between March 1 and March 21."

The team has deleted the log file, stopped the legacy logging procedure, invalidated the passwords for the accounts present into the log and notified the users involved.

Only 3 accounts have been accessed (and notified of this), but they have reset the password of a total of 96564 accounts just in case. "As of March 26, none of the data obtained by the attacker was released publicly, that we know of," they concluded.

The three-people-team behind the app also confirmed that they are working closely with law enforcement on this matter, and that they will be sharing more news as it becomes available and safe to publish.









Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //