Cyber Attack on Data-Protection Company Cyberhaven

Hackers Compromise Employee’s Access to Steal Sensitive Information

Hackers compromised an employee of the data-protection company Cyberhaven and used the worker’s access to potentially steal sensitive information from the firm’s users, the company said in a statement distributed to customers and reviewed by Reuters.

The Attack

The hackers pushed a compromised version of Cyberhaven’s Chrome browser extension to the company’s users early on Wednesday, the statement said. The company urged affected customers to reset passwords and review their logs for malicious activity.

Not Just Cyberhaven

Cyberhaven was not the only organization hit by the hackers, according to Jaime Blasco, cofounder of Austin, Texas-based Nudge Security. Blasco said by examining details of the hack shared by Cyberhaven, he discovered several other Chrome extensions that had been subverted using similar code.

Browser Extensions Under Attack

Browser extensions are typically used by internet users to customize their web-browsing experiences, for example by automatically applying coupons to shopping websites. In Cyberhaven’s case, the Chrome extension was used to help the company monitor and secure client data flowing across web-based applications.

Other Affected Extensions

The other affected extensions included ones related to artificial intelligence and virtual private networks. Blasco said that suggested an opportunistic effort to vacuum up sensitive data using as many compromised extensions as possible.

Opportunistic Attack

"I’m almost certain this is not targeted to Cyberhaven," Blasco said. "If I had to guess, this was just random."

Article Details

• Published On: December 28, 2024 at 09:57 AM IST
• Category: Most Read Placement
• Comments: Comment Section
• Subscribe: Join the community of 2M+ industry professionals and subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

• Get Realtime updates
• Save your favourite articles

Download ETCISO App from the Play Store or App Store.

Scan to Download App

Scan the QR code to download the ETCISO App.

Related Articles

• Cyberhaven
• Nudge Security
• Browser extensions
• Artificial intelligence
• Virtual private networks