According to US security researchers, a group of hackers has successfully stolen data from several users of the widely used file transfer tool MOVEit Transfer. This revelation comes just one day after the software maker, Progress Software Corp, disclosed the existence of a security vulnerability within the system, reported Reuters. The software, developed by the Massachusetts-based company, enables organisations to securely transfer files and data between business partners and customers.
The precise number of affected organisations or the extent of the data breaches remains unclear at this time. Chief Information Officer Ian Pitt declined to provide specific details but assured that Progress Software has already made necessary fixes available after discovering the vulnerability on May 28. Pitt also confirmed that the software's cloud-based service was impacted by the security flaw but noted that there had been no known exploitation of the cloud platform so far.
Rapid7 Inc, a cybersecurity firm, along with Mandiant Consulting, owned by Alphabet Inc's Google, reported multiple instances where the security flaw had been exploited to steal data. Mandiant Consulting's Chief Technology Officer, Charles Carmakal, stated that there had been widespread data theft over the past few days as a result of the flaw. These types of "zero-day" vulnerabilities in managed file transfer solutions have historically led to data theft, leaks, extortion, and victim-shaming.
Rapid7 observed an increase in compromise cases related to the security flaw following its public disclosure. However, Pitt refrained from speculating on the motives behind the data theft or identifying the perpetrators. He did mention that there was no evidence of the flaw being used to propagate malware.
In terms of the scale of affected customers, Pitt noted that MOVEit Transfer had a relatively smaller user base compared to Progress Software's other software products, which number over 20. The company is working closely with forensic partners to gain a comprehensive understanding of the situation and to ensure an ongoing response to the evolving threat.
As the investigation continues, organisations are advised to prepare for potential extortion attempts and the public release of any stolen data. The priority remains on securing affected systems, addressing vulnerabilities, and safeguarding sensitive information.