BitDefender hacked, unencrypted customer information compromised, hacker demands ransom from the AV firm in return for the exploit and stolen database.

One of the world’s leading anti-virus solutions vendor BitDefender has been hacked by a hacker going by the name of DetoxRansome.  The hacker claims to have access to the BitDefender customer information including passwords, which the hacker claims were stored in unencrypted format by BitDefender.


DetoxRansome has been demanding ransom from BitDefender according to Forbes. The hacker has even showed the Thomas Brewster of Forbes the unencrypted usernames and passwords purportedly belonging to the BitDefender customers.

BitDefender in a emailed statement has stated that it found a potential security issue with a server and determined a single application was targeted – a component of its public cloud offering.

BitDefender added that the hacker could not penetrate the server but had gained access to a few usernames and passwords due to a vulnerability. The company did not state as to how many customer user accounts were compromised but said that the compromised customers were“less than one per cent of our SMB customers.”

“The issue was immediately resolved and, additional security measures were put in place in order to prevent it from reoccurring. As an extra precaution, a password reset notice was sent to all potentially affected customers,” the spokesperson added. “This does not affect our consumer or enterprise customers. Our investigation revealed no other server or services were impacted.”

Researchers, Travis Doering & Dan McPeake from the Hacker Film stated on their blog that DetoxRansome had demanded $15000 as ransom from BitDefender on 24th July in return for the stolen data base and the exploit which the hacker used. Further the hacker had threatened to leak the database if the ransom demand was not met.

When the BitDefender took their tweet lightly, they tried again to convince BitDefender to pay up the ransom amount on 25th July.

Hacker Film notes that,

“DetoxRansome made his second attempt to monetize Bitdefender’s freshly stolen data, as well as the exploit with which he procured it. DR posted a listing on a pastee page detailing the private sale of what he later described in an email as “access to all usernames and passwords persistently to their (Bitdefender) flagship products”. He posted a sample of some of what he had stolen which contained the plain text username and matching passwords for over 250 active Bitdefender accounts. Travis Doering and Bitdefender were able to confirm many of them as active accounts. In the body of the pastee post DR also listed the following message “This is a sample I have more, email for details of the hole (EMAIL REDACTED)” Those words then launched an online bidding war for the stolen credentials and details of the exploit used by DR.”

The data that the hacker dumped online contained 250 customer usernames and passwords and were confirmed by BitDefender to be active customers of their firm.

On Tuesday, 28th July in another email, DetoxRansome said they had taken control of two BitDefender cloud servers and “got all logins” contrary to the BitDefender’s statement.

The hacker also said that the data they had access to was unencrypted,  “Yes they were unencrypted, I can prove it… they were using Amazon Elastic Web cloud which is notorious for SSL [a form of web encryption] problems.”


The Romania based AV firm has not yet paid the ransom demanded by the hackers and said that the authorities were investigating the matter.

The Hacker Film noted on 29th July that the BitDefender compromised data was being sold on the Dark Web underground forums.

Of late, anti virus makers have been targeted by the cyber criminals. Earlier it was reported by the NSA contractor cum whistleblower, Edward Snowden that NSA had targeted almost all major antivirus companies including BitDefender. Close on the heels of that revelation, Google researcher, Tavis Ormandy discovered worrisome flaws in ESET antivirus on 24th June, 2015.