From PC World: Logitech is probably the best known PC accessory manufacturer apart from Microsoft and Apple. And since the company has spent the last few years trying to expand its software offerings, it’s a little concerning that it was recently hit with a massive data leak. Logitech confirmed that it had been compromised late last week.
The “cybersecurity incident relating to the exfiltration of data” probably includes consumer, business, and employee data, according to an official statement. Logitech claims that it believes consumer identity and payment information was not leaked, as it wasn’t on the affected systems. The company says it was compromised through a zero-day exploit on a third-party system that’s been patched. Other details are scarce.
BleepingComputer points the finger at the Clop (“cl0p”) extortion gang. This group recently claimed that it managed to compromise Oracle E-Business Suite systems, and Oracle responded with a confirmation of the zero-day exploit the group is thought to be using for ransomware attacks. According to BleepingComputer, Logitech was added to a publicly displayed list of compromised targets, some of which have confirmed receipt of ransomware demands. Clop claims to have captured 1.8 terabytes of data specifically from Logitech.
What can you do to protect yourself from this and other massive data breaches? As an end user, not a lot. These massive breaches tend to be the result of (1) lax security by the companies that already have your data or (2) zero-day exploits that are impossible to predict or defend against.
View: Full Article
