Explorer

MOVEit Transfer Tool Leveraged By Hackers To Steal User Data: US Security Researchers

Rapid7 cybersecurity firm observed an increase in compromise cases related to the security flaw following its public disclosure.

According to US security researchers, a group of hackers has successfully stolen data from several users of the widely used file transfer tool MOVEit Transfer. This revelation comes just one day after the software maker, Progress Software Corp, disclosed the existence of a security vulnerability within the system, reported Reuters. The software, developed by the Massachusetts-based company, enables organisations to securely transfer files and data between business partners and customers.

The precise number of affected organisations or the extent of the data breaches remains unclear at this time. Chief Information Officer Ian Pitt declined to provide specific details but assured that Progress Software has already made necessary fixes available after discovering the vulnerability on May 28. Pitt also confirmed that the software's cloud-based service was impacted by the security flaw but noted that there had been no known exploitation of the cloud platform so far.

Rapid7 Inc, a cybersecurity firm, along with Mandiant Consulting, owned by Alphabet Inc's Google, reported multiple instances where the security flaw had been exploited to steal data. Mandiant Consulting's Chief Technology Officer, Charles Carmakal, stated that there had been widespread data theft over the past few days as a result of the flaw. These types of "zero-day" vulnerabilities in managed file transfer solutions have historically led to data theft, leaks, extortion, and victim-shaming.

Rapid7 observed an increase in compromise cases related to the security flaw following its public disclosure. However, Pitt refrained from speculating on the motives behind the data theft or identifying the perpetrators. He did mention that there was no evidence of the flaw being used to propagate malware.

In terms of the scale of affected customers, Pitt noted that MOVEit Transfer had a relatively smaller user base compared to Progress Software's other software products, which number over 20. The company is working closely with forensic partners to gain a comprehensive understanding of the situation and to ensure an ongoing response to the evolving threat.

As the investigation continues, organisations are advised to prepare for potential extortion attempts and the public release of any stolen data. The priority remains on securing affected systems, addressing vulnerabilities, and safeguarding sensitive information.

Top Headlines

OPINION | India's Smartphone Affordability Shift: Why Value Matters More Than Price
OPINION | India's Smartphone Affordability Shift: Why Value Matters More Than Price
Too Much AI Slop On LinkedIn? Users Are Turning To Messy, Human Posts For Better Reach
Too Much AI Slop On LinkedIn? Users Are Turning To Messy, Human Posts
Musk Vs Altman Reloaded: Apple Lawsuit Triggers Fresh AI Billionaire Brawl On X
Musk Vs Altman Reloaded: Apple Lawsuit Triggers Fresh AI Billionaire Brawl
Netflix Considers Radical Live TV Move Amid Growing Engagement Concerns: Report
Netflix Considers Radical Live TV Move Amid Growing Engagement Concerns

Videos

Breaking News: Protests Against Pakistan Government Continue in PoK for 35th Day
Safety Alert: Birthday Banner Falls From Flyover Onto Bike on Thane Highway
Breaking News: Baba Ramdev's Hindu Rashtra Remarks Trigger Political Controversy
Breaking News: Nitesh Rane's Remarks on Aamir Khan's Marriage Spark Political Row
Breaking: Four Teenagers Drown in Yamuna River in Delhi's Alipur

Photo Gallery

25°C
New Delhi
Rain: 100mm
Humidity: 97%
Wind: WNW 47km/h
See Today's Weather
powered by
Accu Weather
Embed widget