Sophos recently shut down its Partner Portal site and reset all user passwords after identifying suspicious activity on its Web server.
“Sophos Endpoint Security detected and blocked an attempt by the attacker to upload two hacking tools to the server,” the company said in a statement. “The first was a program designed to steal passwords, the second a privilege escalation tool. Sophos detected these as the PUAs (potentially unwanted applications) as ‘Windows Credentials Extractor’ and ‘BackEx.’”
“An investigation is ongoing, but initial analysis of the incident reveals that the server’s database includes partner names, email addresses, business addresses, contact information and hashed passwords,” writes Softpedia’s Eduard Kovacs.
“Only the older partner portal, located at https://gpp.partners.sophos.com, has been affected by this security incident, Sophos said,” writes Computerworld’s Lucian Constantin. “Partners that have already moved to its new Salesforce.com-based portal don’t have to worry about the password resets or downtime.”
“While this kind of thing is embarrassing for any security firm, Sophos isn’t alone in having its systems breached recently,” notes The Register’s Iain Thomson. “A leak from Microsoft’s Active Protections Program (MAPP) last month saw attack code released onto the web, and Symantec has also admitted that some of its source code has gone missing at the start of the year, following a leak at a third-party supplier.”