Expert Comment: CCleaner breached by MOVEit Transfer bug
October 2023 by Dr Darren Williams, CEO of Blackfog
Popular defrag and windows registry cleanup tool, CCleaner, has said it was impacted by the MOVEit Transfer bug, which allowed attackers to exfiltrate some of its customers’ data.
Users on Windows and CCleaner forums started sharing emails that they received from the software maker informing them about a recent breach.
The company confirmed that it sent out emails to affected individuals, and that low-risk employee data, as well as some customer data, was impacted according to Cybernews.
Dr Darren Williams, CEO of Blackfog, says “This isn’t the first time that CCleaner has been affected by a breach – in 2017 CCleaner was affected by a backdoor-installing trojan horse malware attack where attackers had the potential to access millions of devices. The MOVEit exploit continues to create new victims with more than 640 recorded so far. The parent company, Piriform, didn’t patch the vulnerability in enough time to prevent this. The news that attackers have exfiltrated their customers data serves to remind us that organisations must ensure they use proper anti data exfiltration (ADX) tools, to ensure their data is fully protected and the risk of data theft is kept to a minimum”.